This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

SAML SP-Flow initiate Request Construction

Posted on 07-03-2020 03:41 AM
sarsisod
New Member
Reply posted on --/--/---- --:-- AM

@Dino-at-Google @Dino @williamssean @yuriyl

Hi,

I have explored the APIGEE OOB SAML policies and understood, one is for generating the SAML assertion if Apigee act as IDP and another one is to validate SAML Assertion response in case Apigee act as SP.

Now in my case APIGEE edge is (api-flow) is acting as SP where Apigee will initiate the auth-flow 

<saml:AuthnRequest>
// required XML 
</saml:AuthnRequest>

I tried creating SAML auth request as below with the help of "GenerateSAMLAssertion" policy which I saw its not possible. Do we have any proven method/way to create the SP-flow initiate request in apigee OR any work-around to do the same ? 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GenerateSAMLAssertion ignoreContentType="true" name="Generate-SAML-Assertion">
    <DisplayName>Generate SAML Assertion</DisplayName>
    <KeyStore>
        <Name ref="reference">mockserverKeystore</Name>
        <Alias ref="reference">mockserver</Alias>
    </KeyStore>
    <Subject>subject</Subject>
    <Issuer>issuer</Issuer>
    <Template ignoreUnresolvedVariables="false"><![CDATA[
   <?xml version="1.0" encoding="UTF-8"?>
<saml:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_809707f0030a5d00620c9d9df97f627afe9dcc24" Version="2.0" ProviderName="SP test" IssueInstant="2014-07-16T23:52:45Z" Destination="http://idp.example.com/SSOService.php" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://sp.example.com/demo1/index.php?acs">
   <saml:Issuer>http://sp.example.com/demo1/metadata.php</saml:Issuer>
   <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true" />
   <samlp:RequestedAuthnContext Comparison="exact">
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
   </samlp:RequestedAuthnContext>
</saml:AuthnRequest>


]]></Template>
    <OutputVariable>
        <FlowVariable name="assertion.content"/>
    </OutputVariable>
</GenerateSAMLAssertion>
Solved Solved
0 1 350
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Check this Q&A.

View solution in original post

Jump to Solution
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Check this Q&A.

Jump to Solution
0 Likes