WSO2 APIM - SAML SSO - ACS URL
Question
having WSO2AM 2.1.0 in distributed setup (KM, GW, TM deployed and scaled separately) we'd like to enable SAML SSO for application users with an external SAML IdP.
Main question is - what is the SAML ACS url for the APIM as SP in this setup?
By default (it's working) the ACS URL is https://host:9443/commonauth , however as far I understood the client should have access only to the Gateway services (port 8243). On the port 8243 there are even all OAuth services exposed too.
So - do we need to expose a route / ports to 9443 (gateway to key manager)?
Thank you for any insight
1 answers
solution1
0 2018-04-27 09:49:24
question is bit unclear. We can setup SSO for publisher and store applications only. There is no connection with the gateway when configuring this. see https://docs.wso2.com/display/AM2xx/Configuring+Identity+Server+as+IDP+for+SSO . Since API Publisher or store acts as the SP, We set ACS url for publisher as https://localhost:9443/publisher/jagg/jaggery_acs.jag and for store as https://localhost:9443/store/jagg/jaggery_acs.jag
Gateway is there to accept the API requests. so only 8243 and 8280 are needed to exposed to public. but gateway needs to talk to keymanager (to validate tokens) so there needs to be a connection between gateway and keymanager.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.