Hi,

I am trying to achive the api-flow to integration SAML with the Federating Google Cloud with Active Directory (ADFS GCP ) .

So the APIGEE will act as SP (Service provider) and ADSF act a IDP (Identity Provider).

similarly as https://kb.grip-on-it.com/en/service-integration/saml20/

Now I have some queries on the same

1) Can APIGEE act as a SP for SAML integration for API-flow (Its not related to apigee edge SSO)

2) Do we have any flow/proxies/example where APIGEE acted as a SP and integration done with any IDP through SAML?

3) I have gone through https://docs.apigee.com/api-platform/reference/policies/saml-assertion-policy where I understood this 2 policies as below

a) Inbound authentication and authorization: Validate SAML Assertion policy

This policy can be used to validate the SAML assertion response which we received from the IDP (Validation of the SAML assertion at APIGEE where APIGEE acting as a SP)

b) Outbound token generation: Generate SAML Assertion policy

This policy can be used to generate the SAML assertion response if APIGEE act as IDP

Now to initiate the SAML flow, APIGEE as a SP need to generate the SAML request for IDP, and to do the same I have not found any OOB policy in the APIGEE, Do we have any ?
4) at the end this flow return the access_token where SAML assertion would be associated as a custom attribute and can be pulled in the api authorization flow

any direction/help would be much appreciated

@Dino-at-Google @Dino