Apigee SSO - SaaS post enablement issues

Hi,

The SSO docs for Apigee SaaS indicate the following:

1) "Note: You cannot access the Edge SSO Zone Administration page if you sign in using your company single sign-on (SSO) credentials that are processed through your company's third-party SAML identity provider. You must use your Edge user account."

Q a) Tried clicking on "Login to saml" based on the IDP link path after enabling the "SAML IDP zone", and logging in when I got to admin --> SSO (after enabling the SAML IDP configuration per the documentation).

It loads the SSO page with error "unauthorized Request : invalid token"

Is it because of the above note, because I am trying to load the SSO page of Apigee after enabling the SAML IDP? Please confirm.

2) The Apigee Known issues link indicates the following:

"Single logout (SLO) with the SAML identity provider is not supported for custom domains. To enable a custom domain with a SAML identity provider, leave the Sign-out URL field blank when you configure SAML settings."

Q b) What does "custom domain" mean? For us, once I removed SLO in the SSO configuration, SSO logout worked (else it throws an error).

3) We have the SSO SAML configuration when navigating to admin --> SSO (once you click on the zone name), and also in a second place, i.e. under Publish --> Developer Program --> name of the portal --> click on Configuration --> SAML (BETA), where I configured the "SAML Identity Provider". This also asks for a certificate and sign-in URL, similar to what admin --> SSO asks for.

Q c) Do we need to configure it in both places?

4) We are not using the portal, and we need SSO SAML to be configured for the Apigee SaaS gateway. Do we also require step 3? And hence, is admin --> SSO enough?

Please comment.
