Single Sign On with SAML 2.0 (beta)
Legacy Documentation
You're viewing legacy documentation for API Fortress (deployed via an on-premises container). To view documentation for the new SaaS version of API Fortress — now known as Sauce Labs API Testing and Monitoring (with Sauce Connect tunnels) — see API Testing on the Sauce Labs Cloud.
This feature is self-hosted/on-premises only
If you are using a self-hosted/on-premises deployment and would like to set up single sign-on (SAML 2,.0) follow the below instructions.
Step 1: Activate It
Whether you’re using a docker-compose or a Kubernetes deployment, introduce the following environment variable:
Name: samlEnabled Value: 'true'
Step 2: Configure It
The provided saml/saml.properties
file contains all the configuration keys necessary to the SAML functionality.
onelogin.saml2.sp.entityid
: identifies the SPonelogin.saml2.sp.assertion_consumer_service.url
: where the response from idp is returned after an authentication requestonelogin.saml2.sp.single_logout_service.url
: where the response from idp is returned after logout requestonelogin.saml2.idp.single_sign_on_service.url
: where the SP will send the Authentication Requestonelogin.saml2.idp.single_logout_service.url
: where the SP will send the logout requestonelogin.saml2.idp.x509cert
: publicx509
certificate of the IdP
Examples:
onelogin.saml2.sp.entityid = apifortress
onelogin.saml2.sp.assertion_consumer_service.url = http://apif.example.com:8080/app/web/login/acs
onelogin.saml2.sp.single_logout_service.url = http://apif.example.com:8080/app/web/login/sls
onelogin.saml2.idp.entityid = https://app.onelogin.com/saml/metadata/7037e41d-4ab4-417a-b0a2-c4e2f580faf2
onelogin.saml2.idp.single_sign_on_service.url = https://apifortress.onelogin.com/trust/saml2/http-post/sso/917654
onelogin.saml2.idp.single_logout_service.url = https://apifortress.onelogin.com/trust/saml2/http-redirect/slo/917654
onelogin.saml2.idp.x509cert = -----BEGIN CERTIFICATE-----CERTIFICATE HASH-----END CERTIFICATE-----
Further changes can be applied to the expected properties:
apifortress.firstname=FIRSTNAME
apifortress.lastname=LASTNAME
apifortress.mail=MAIL
In IDP one of MANAGER,DEVELOPER,ANALYST: apifortress.level=LEVEL
By altering these configuration keys, you change the name of the property that’s being sent by the IDP. As a default, the required properties are:
FIRSTNAME,
LASTNAME,
MAIL, and LEVEL (which represents the level of the user within API Fortress and can be one of the following values: MANAGER, DEVELOPER, or ANALYST. If the field is not provided, MANAGER is assumed.
The admin status can only be set via the API Fortress configuration panel.)
There may be other configuration keys to be altered based on the IDP requirements.
Step 3: Mount It
Mount the provided "saml" directory to the location: /usr/local/tomcat/webapps/app/WEB-INF/saml
If Kubernetes is being used, ConfigMaps will achieve the same result.
Step 4: Restart API Fortress
Restart the API Fortress dashboard(s).
The login screen will now look like this: