Layer7 API Management

  • 1.  SAML SSO with Active Directory

    Posted Jul 04, 2016 06:46 AM


    Hi professionals,

     

    I'm trying to integrate SAML SSO for Developer Portal via GW on to Active Directory with ADFS 2.0.

    I did all the actions written here:

    https://docops.ca.com/ca-api-developer-portal/3-5/set-up-the-api-portal/set-up-saml-single-sign-on

     

    However, I can't find any documentation on how to configure the AD side with the SAML.

     

    In the Policy I've changed the IDP_URL to the AD ones, and on the AD side I've created the Relying Party Trust "manually", because the metadata XML is not available from CA API.

     

    But how about the 'Claim Rules' and other things, certificates, etc.?

     

    Can someone give advice for this type of configuration?

     

     

    Thanks,



  • 2.  Re: SAML SSO with Active Directory

    Broadcom Employee
    Posted Sep 07, 2016 02:44 PM

    I've never configured the AD side for SAML, so that's something you should probably take to an AD forum. Unfortunately, your link has vanished (I get 404 when I click on it).

    The Gateway handles SAML tokens very well, and I know we have worked with AD claims type tokens before (claims are just attributes).



  • 3.  Re: SAML SSO with Active Directory

    Broadcom Employee
    Posted Sep 16, 2016 11:54 AM

    Denis,

     

    Did Jay's response help with your question?

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 4.  Re: SAML SSO with Active Directory

    Posted Sep 18, 2016 08:48 AM

    Hi,

    No, I've completely reconfigured the logic of the SAML flow, because the AD scheme for the SAML token is different, so changes need to be made. In the end it is all working.



  • 5.  Re: SAML SSO with Active Directory

    Broadcom Employee
    Posted Sep 23, 2016 02:21 PM

    Denis,

     

    Would you be able to share in the community what you did to get this to work?

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 6.  Re: SAML SSO with Active Directory
    Best Answer

    Broadcom Employee
    Posted Sep 25, 2016 08:05 PM

    Hello Stephen_Hughes,

    I didn't notice this thread, but my document,

    Integrate ADFS login form for authentication 

    should include the policy example to decrypt the ADFS SAML response.

    I guess Denis Kalitviansky would use similar processes.

     

    Regards,

    Mark