Here is an example of a working TIB profile with Azure as the Identity Provider. Please click on the link for more information on each value configured in the TIB profile.
If you require more information related to the CertLocation value, please see this video; it shows how to upload a certificate to the Tyk Dashboard and apply it to the TIB profile.
{
  "ID": "TykSaml",
  "Name": "",
  "OrgID": "612fc4695653740001a14f9b",
  "ActionType": "GenerateOrLoginUserProfile",
  "MatchedPolicyID": "",
  "Type": "redirect",
  "ProviderName": "SAMLProvider",
  "CustomEmailField": "",
  "CustomUserIDField": "",
  "ProviderConfig": {
    "CertLocation": "Your certificate ID",
    "FailureRedirect": "https://<Your dashboard URL>/?fail=true",
    "ForceAuthentication": false,
    "IDPMetaDataURL": "https://login.microsoftonline.com/d58484f3-22c6-463c-9f11-78ac801d45e3/federationmetadata/2007-06/federationmetadata.xml?appid=8bda1d1d-6e70-42be-bbc7-a9c22a7ea624",
    "SAMLBaseURL": "https://<Your dashboard URL>/",
    "SAMLEmailClaim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "SAMLForenameClaim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "SAMLSurnameClaim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
  },
  "IdentityHandlerConfig": {
    "DashboardCredential": ""
  },
  "ProviderConstraints": {
    "Domain": "",
    "Group": ""
  },
  "ReturnURL": "https://<Your dashboard URL>/tap",
  "DefaultUserGroupID": "",
  "CustomUserGroupField": "",
  "UserGroupMapping": {},
  "UserGroupSeparator": "",
  "SSOOnlyForRegisteredUsers": true
}
Note: The certificate and private key must be concatenated into a single file. See the example below.
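# Generate a self-signed certificate and an unencrypted private key (-nodes)
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
# Concatenate both into one file; '>' overwrites, so a re-run cannot append a second pair
cat cert.pem key.pem > combine_cert.pem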
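The concatenation step above, extended into an added example (not from the original article or from Tyk): it builds the combined file and checks, before upload, that it holds exactly one certificate and one private key and that the two belong together. The subject name and the 2048-bit demo key size are assumptions; the file names follow the article.

```sh
#!/bin/sh
# Added example: build and verify the combined PEM referenced by CertLocation.
# Assumptions: the subject CN is constructed; rsa:2048 keeps the demo fast
# (the article uses rsa:4096). File names follow the article.

# make_combined_pem DIR: self-signed cert + key, concatenated in DIR.
# Runs in a subshell so the restrictive umask does not leak to the caller.
make_combined_pem() (
    umask 077   # key material readable by the owner only
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=tib-saml-example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || exit 1
    # '>' truncates, so a re-run never appends a second pair to an old file
    cat "$1/cert.pem" "$1/key.pem" > "$1/combine_cert.pem"
)

# check_combined_pem FILE: returns 0 only if FILE holds exactly one
# certificate and one private key, they match, and the cert is not expired.
check_combined_pem() {
    f=$1
    [ -r "$f" ] || { echo "unreadable: $f" >&2; return 1; }
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" || true)
    keys=$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$f" || true)
    if [ "$certs" -ne 1 ] || [ "$keys" -ne 1 ]; then
        echo "want 1 certificate and 1 key, found $certs and $keys" >&2
        return 1
    fi
    # Compare the public key inside the certificate with the one derived
    # from the private key; identical output means they are a pair.
    cert_pub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null) ||
        { echo "certificate does not parse" >&2; return 1; }
    key_pub=$(openssl pkey -in "$f" -pubout 2>/dev/null) ||
        { echo "private key does not parse" >&2; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate" >&2; return 1; }
    # -checkend 0 fails once the notAfter date has passed
    openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; return 1; }
}

# Demo in a throwaway directory
tmp=$(mktemp -d)
make_combined_pem "$tmp" && check_combined_pem "$tmp/combine_cert.pem" &&
    echo "combine_cert.pem: certificate and key match"
rm -rf "$tmp"
```

Running `check_combined_pem combine_cert.pem` against an existing file catches a file that was appended to twice or that pairs a certificate with the wrong key.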
Azure's side