-
Notifications
You must be signed in to change notification settings - Fork 94
Using Asgardeo as an IdP
Follow the instructions below to use Asgardeo as the Identity Provider (IdP) to authenticate the APIs that belong to a specific Organization:
Create an organization in Asgardeo.
Create a sub-organization in Asgardeo within the organization that you created.
Create a user within the sub-organization that you created.
-
Create an application within the main organization that you created in Step 1.
-
Click on the newly created application.
-
Click on the Info tab to view the IDP related configurations.
All the IDP related configurations are listed under Service Endpoints.
-
Navigate to the
<APK-HOME>/helm-charts/
directory and open thevalues.yaml
file. -
Update the IDP related configurations in the
ipd
section.idp: issuer: "" authorizeEndpoint: "" tokenEndpoint: "" revokeEndpoint: "" jwksEndpoint: "" usernameClaim: "" groupClaim: "" organizationClaim: "" clientId: "" clientSecret: ""
-
organizationClaim
- This should always beuser_organization
. - Update all other values based on the Service Endpoint details that you came across in Step 4.
-
-
Open Postman.
-
Navigate to the
POST
Generate Auth code token
REST API. -
Make sure that the Token generation call has the same information that was entered in the Helm Chat in Step 5.
Auth URL
Access Token URL
Client ID
Client Secret
-
Click Clear Cookies.
-
Click Get New Access Token.
This redirects you to the Asgardeo Sign in page.
-
Click Sign in with Organization Login.
-
Enter the name of the organization that you created in Step 1.
-
Click Submit.
-
Enter the user credentials (email and password) of the user that you created in the sub-organization.
You will receive an access token when the token call is successful.
-
Copy the access token that you see listed as the
id_token
.
1. Decode the access token using a JWT decoder (e.g., [https://jwt.io/](https://jwt.io/)).
2. Copy the value listed for `user_organization`, which is in the Payload data section.
3. Define the CR for an organization.
Enter the `user_organization` value that you copied above as the `organizationClaimValue:` value.
4. [Create an organization in APK](https://github.com/wso2/apk/wiki/Organizations#create-an-organization) using the organization CR, which you created in the previous step.
Use the JWT token that you received in the previous step to invoke the GET
Runtime API List Services
system API.