Questions on SAML/SSO configuration on Edge Private Cloud 4.17.09


Hi Team,

A customer plans to use the SAML/SSO feature on the Edge Private Cloud 4.17.09 release, and they have the following questions:

1. How can we enable/disable Edge SSO and use a different SAML IDP for each org?

Looking at the config file used for the apigee-sso and edge-ui setup, it seems that all the orgs have a single config file in the default setup.

Then how can we configure a different SAML IDP with 'SSO_SAML_IDP_NAME=' and enable/disable the UI with 'EDGEUI_SSO_ENABLED=y/n' for each org independently?


2. Is it possible to configure TLS encrypted communication between Edge UI and Edge SSO?

Looking at the Apigee docs, it seems that only the TLS config between Edge SSO and the SAML IDP is explained.
Is it also possible to enable it for Apigee system internal communication?

Could you please answer these questions?
I'd appreciate your help.


Regards,
Toshi

1 ACCEPTED SOLUTION

Hi @Toshihiro Shibamoto

I can respond to a few of these.

For #1, there is no way that I know of to enable SAML at the org level or use a different IDP for each org. Edge SSO config has a single, global setting for the IDP and the UI has a single, global setting to enable or disable SAML.

For #2, TLS is possible. See the doc here. That doc describes two ways to enable TLS on Edge SSO, which then means the UI uses TLS to access it.

Stephen


@sgilson Thank you very much for the answer and the clarification!