How to use SSOCircle as an IDP for SSO service in bluemix?
SSOCircle provides a ready to use Identity Provider according to their website. I wanted to simulate SAML SSO and integrate it in sample Liberty for Java application in bluemix.
What I did so far:
Downloaded SSOCircle Public IDP Metadata from "Manage Metadata". Uploaded it into the bluemix SSO service via the upload file button and entered https://idp.ssocircle.com/sso in the textbox under "Step 1" in the SAML Enterprise setup.
Downloaded SAML metadata under "Step 2" in the SAML Enterprise setup and imported it in SSOCircle. The FQDN that I used is: https://ssocruzgstest-8iotczj2sk-cabc.iam.ibmcloud.com.
Edit** Changed URL to https://idp.ssocircle.com/sso/idpssoinit?metaAlias=/ssocircle&spEntityID=https://ssocruzgstest-8iotczj2sk-cabc.iam.ibmcloud.com/idaas/mtfim/sps/idaas/saml20 as recommended by Martin
After integrating. I pointed my browser to https://cruzgsjava1.mybluemix.net then clicked "Sign in with SAML Enterprise".
I got redirected to https://idp.ssocircle.com/sso/UI/Login?module=peopleMembership&goto=https%3A%2F%2Fidp.ssocircle.com%2Fsso%2Fidpssoinit%3FmetaAlias%3D%2Fssocircle%26spEntityID%3Dhttps%3A%2F%2Fssocruzgstest-8iotczj2sk-cabc.iam.ibmcloud.com%2Fidaas%2Fmtfim%2Fsps%2Fidaas%2Fsaml20. I logged in and encountered an error
Your URL is wrong. I have not seen clear documentation on ssocircle.com, but I found some samples from which I could deduce the (hopefully) right URL pattern. This is what I use for testing:
https://idp.ssocircle.com/sso/idpssoinit?metaAlias=/ssocircle&spEntityID=<your SP entity ID>;
You can find out your SP entity ID by downloading the service provider metadata in step 2 and inspect the attribute "entityID" of the root element "md:EntityDescriptor".
- Verify Microsoft Access token on my ASP.NET Core Web API
- How to set Azure MSAL SSO for my Nextjs14 app using Approuter and next-auth
- StackOverflow with Keycloak as login provider returns empty email address
- IdentityServer4 and SSO
- Spring Boot + Security + MVC + LDAP AD + SSO
- Issue with Windows Authentication Type on IIS with Multiple Host Bindings
- Generate IDP Certificate in Azure AD for SSO
- Disqus SSO, "Your API key is not valid on this domain"
- Sign-in With Apple: Possibility To Create Duplicate Account Issue
- AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption
- MS Graph InteractiveBrowserCredential , Is a Client ID registered in Azure Portal really necessary?
- Logout from next-auth with keycloak provider not works
- How to validate access token from AzureAD in python?
- Outlook SSO NAA in pure JS without node.js
- How to create SSO from Liferay to another portal / service?
- How to add ForceAuthn flag on AWS cognito
- Download file from TeamCity with SSO using bash
- Which is the best sample/approach to start openiddict server to provide logins to wordpress?
- No Sustainsys.Saml2 for MVC 3? Are there any alternatives?
- Which lib to create an Identity provider to connect to service provider
- The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used
- Best way to implement Single-Sign-On with all major providers?
- Azure AD token for accessing Graph token
- Integration of SSO using MSAL in Angular project gets 401 returned error after login
- Simple way to put AWS Lambda app behind SAML authentication
- Why wouldn't the IdP initiate contact with the SP in a SAML 2.0 SSO integration?
- Log out from SSO kerberos
- Getting TypeError: client_secret_basic client authentication method requires a client_secret
- SSO not working in iOS when using AWS Cognito and Azure AD
- Azure b2c still authenticated after hitting logout