The CA API Gateway can be configured to act as Service provider (SP), Identity Provider (IdP) or both. In this sample the Gateway is used as SP and the IdaaS platform onelogin.com is used as IdP. The communication is configured to use SAML 2.0. The sample are developed by Ben_Urbanski I think, see attached XML files.
First of all I set up the to service for SP and Idp in the gateway to work as designed.
- Create a "Publish Web API" as SP with custom resolution path as "/saml2/websso/serviceprovider"
- Import the policy SAML SSO ServiceProvider.xml into the above service.
- Create a "Publish Web API" as IdP with custom resolution path as "/saml2/websso/identityprovider"
- Import the policy SAML SSO IdentityProvider.xml into the above service.
- Check it is working with the URL "http://explore.apim.ca:8080//saml2/websso/serviceprovider" in your browser
- You should be redirected to a login page on the gateway.
For more details, please see the original post on Post in CA API Forum