SAML login with Apigee admin

Hi,

I've configured SAML access with my IDP (Active Directory, over ADFS 3.0).

All configuration & installation of the Apigee SSO module was O.K.

Now, in ADFS (which has a domain like ad.local.denis) I created a user called apigee, and gave him the email that was on my local Apigee before SAML: opdk@google.com, and a password (in AD it is Secret123).

I'm getting the new UI on login, get redirected to the ADFS landing page, and I try to enter with opdk@google.com:Secret123

In the AD logs I can see that user\password is incorrect... but this is 100% correct.

Anyone with same issue please?

Cheers;

-D

Accepted solution

In the AD logs I can see that user\password is incorrect... but this is 100% correct.

I think the ADFS login is.... in charge of the login. If I understand what you've done, you set up a user in ADFS, and your attempts to login are failing. The AD logs are saying it's an incorrect login.

This seems to have nothing to do with Apigee Edge acting as a service provider in a SAML exchange. The "incorrect login" is happening all in Active Directory.

The first thing I would do, if I were you, is verify that the login is correct, independently of Apigee Edge. You've asserted "this is 100% correct" - but how do you know that? How have you verified that? The evidence you are presenting suggests that it is not "100% correct". Maybe the password is not what you think it is? Maybe the account is disabled? etc.


Hi Dino, thanks for the answer. I was sure because I was logged in to my AD with those creds :).

From the docs I understood that in the IDP there can be ANY username, but the e-mail attribute needs to correspond to the Apigee user (the admin), e.g. a user in AD can have UPN denis@contoso.com while his mail is denis@apigeelocal.com (which is the same as in the Apigee user). But it seems that the UPN needs to be the same as the user in Apigee, i.e. you need to create a user (as written in the docs) with your IDP UPN domain, e.g. denis@contoso.com needs to also exist in Apigee, and the user in the IDP can even be without an email attribute.

Cheers.
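The confusion in this thread is about which identifier in the SAML assertion the service provider compares against its own user list: the subject NameID (here carrying the UPN) or the e-mail claim. The following is an added troubleshooting example, not code from the thread or from Apigee: it base64-decodes a SAMLResponse, lists the NameID and attributes the IdP actually sent, and shows how the match result changes depending on which identifier the service provider keys on. The SAML document, issuer URL, claim name and local user list are all constructed for illustration, and the "match on NameID" rule is only a model of what the original poster reports, not a description of Apigee's implementation. It deliberately does not validate the signature, so it is a diagnostic aid for comparing identifiers, not an authentication check.

```python
"""Decode a SAMLResponse and compare its identifiers against a local user list."""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Standard ADFS claim type for e-mail address.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed sample (not a real ADFS capture): the NameID carries the UPN and
# the e-mail claim carries a different address, mirroring the thread.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
    IssueInstant="2018-01-01T00:00:00Z">
  <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2018-01-01T00:00:00Z">
    <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">denis@contoso.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>denis@apigeelocal.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# What a browser would post in the SAMLResponse form field (constructed).
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


def decode_saml_response(saml_response_b64):
    """Return the NameID, its Format and all attribute values from a SAMLResponse.

    No signature or condition checks are performed: this only shows which
    identifiers the IdP sent, for comparison against the service provider's
    user list. Never use its output as an authentication decision.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {
        "name_id": name_id.text if name_id is not None else None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        "attributes": attrs,
    }


def find_matching_user(subject, local_users, match_on="name_id"):
    """Return the local username the assertion maps to, or None.

    match_on="name_id" compares the NameID with local usernames (the behaviour
    the thread's author reports); match_on="email" compares the e-mail claim
    instead (what he initially expected). Comparison is case-insensitive,
    since both UPNs and mail addresses are normally treated that way.
    """
    if match_on == "name_id":
        candidate = subject["name_id"]
    elif match_on == "email":
        values = subject["attributes"].get(EMAIL_CLAIM, [])
        candidate = values[0] if values else None
    else:
        raise ValueError("match_on must be 'name_id' or 'email'")
    if candidate is None:
        return None
    for username in local_users:
        if username.lower() == candidate.lower():
            return username
    return None


if __name__ == "__main__":
    subject = decode_saml_response(SAMPLE_RESPONSE_B64)
    print("NameID:", subject["name_id"], "format:", subject["name_id_format"])
    for name, values in subject["attributes"].items():
        print("Attribute", name, "=", values)
    # Local user created with the mail address only, as the poster first did.
    local_users = ["denis@apigeelocal.com"]
    print("match on NameID:", find_matching_user(subject, local_users, "name_id"))
    print("match on email: ", find_matching_user(subject, local_users, "email"))
```

Run against a real SAMLResponse copied from the browser's POST to the service provider, the printed NameID is the value to compare with the username on the Apigee side; if they differ only in domain (UPN domain versus mail domain), that is the mismatch the last reply describes.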