VMware Identity Manager provides an identity management solution along with single sign-on functionality.
Sometimes we have a requirement to use VIDM as an SP (service provider), and this service provider VIDM needs to use another VIDM or any other third-party solution as the IDP, for example Oracle Identity Management or Microsoft ADFS. This configuration is also supported by VIDM.
Follow the steps below to configure VIDM as both SP and IDP.
1) VIDM (IDP end configuration): The IDP end configuration remains pretty much the same as for any other SaaS or internal web application. We will basically create a new application using the SP metadata from the second VIDM instance.
Go to Catalog > Add Application > Create a new application.
Provide a name for your application (SP VIDM), keep the default settings and click Next.
On the next page provide the SP metadata URL and save the settings; VIDM will automatically fetch all details and configure the application accordingly.
If the URL fetch fails with an error, copy and paste the metadata XML using the second option instead.
Save the settings, click Next and add all users or any security group to the entitlements.
In addition to this we have to configure some attributes that will be sent in the SAML token so that the application is able to identify the user details.
Navigate to the application configuration, scroll down and add the attributes as shown in the screenshot below.
This completes the configuration of VIDM as IDP.
2) VIDM (SP end configuration): Now we will do the configuration on the VIDM that acts as the application.
Ws-ui2.vclass.local is my Service provider (application IDM)
We have to configure a third-party IDP using the IDP metadata from the identity provider VIDM.
Navigate to Identity & Access Management > click Manage > click Identity Providers > there click Add Identity Provider.
Provide a name, copy and paste the IDP metadata, and keep the other settings, including the Name ID format, at their defaults.
Click the option to enable Just-in-Time User Provisioning (this option provisions the user at login time using the attributes carried in the SAML token).
Provide the directory name and domain, then scroll down further.
In Authentication Methods enter "time" as the name and select Time Sync Token as the SAML context. (This name will be needed when configuring the access policy.)
Keep the single sign-out configuration unchanged. Click Add to finish the configuration.
Now go to Policies and click on default_Access_policy_Set.
Click on the authentication method and select "time" as the first method to log in.
Configure TIME as the first authentication method and Password (Local Directory) as the fallback, and we are done with the configuration on the service provider VIDM end.
Now it's time to launch the SP VIDM from the IDP VIDM portal. It will single sign-on into the SP VIDM.
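When the launch above does not sign you in, the two things worth inspecting are the IDP metadata the SP imported and the assertion the IDP actually sent: the SP can only provision a user just-in-time if the assertion carries the attributes configured in step 1, and the access policy only matches the "time" method if the assertion's authentication context is the Time Sync Token class. The script below is an added example written for this post, not VMware's code; the metadata and assertion XML are constructed sample data, and the attribute names (userName, firstName, lastName, email) are an assumption standing in for whatever the screenshot in step 1 configures. It only inspects content; it does not verify the XML signature, which the SP itself does.

```python
"""Inspect SAML 2.0 IDP metadata and an assertion for a VIDM SP <-> IDP pairing."""
import xml.etree.ElementTree as ET  # for metadata from untrusted sources, prefer defusedxml

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# SAML authentication context class that VIDM lists as "Time Sync Token".
TIME_SYNC_TOKEN = "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"

# Assumed attribute names for JIT provisioning (the post's screenshot is not reproduced here).
REQUIRED_ATTRIBUTES = ("userName", "firstName", "lastName", "email")

# Constructed sample IDP metadata, shaped like what step 2 pastes into the SP VIDM.
SAMPLE_IDP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp-vidm.example.local/SAAS/API/1.0/GET/metadata/idp.xml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIICconstructedSampleCertificateBase64==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp-vidm.example.local/SAAS/auth/federation/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp-vidm.example.local/SAAS/auth/federation/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample assertion: correct context, but the "email" attribute is missing.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
  <saml:Issuer>https://idp-vidm.example.local/SAAS/API/1.0/GET/metadata/idp.xml</saml:Issuer>
  <saml:Subject><saml:NameID
    Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID></saml:Subject>
  <saml:AuthnStatement AuthnInstant="2020-01-01T00:00:00Z"><saml:AuthnContext>
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="userName"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_idp_metadata(xml_text):
    """Return entityID, SSO endpoints by binding, NameID formats and the signing cert."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = {}
    for svc in idp.findall("md:SingleSignOnService", NS):
        sso[svc.get("Binding").rsplit(":", 1)[-1]] = svc.get("Location")
    signing_cert = None
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no "use" means both signing and encryption
            cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if cert is not None and cert.text:
                signing_cert = "".join(cert.text.split())
    return {
        "entity_id": root.get("entityID"),
        "sso": sso,
        "nameid_formats": [n.text for n in idp.findall("md:NameIDFormat", NS)],
        "signing_cert": signing_cert,
    }


def check_assertion(xml_text, expected_issuer, required_attrs=REQUIRED_ATTRIBUTES):
    """List why the SP would fail to match the 'time' method or to JIT-provision the user."""
    root = ET.fromstring(xml_text)
    problems = []
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        problems.append(f"issuer {issuer!r} does not match the metadata entityID")
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not (name_id or "").strip():
        problems.append("missing NameID")
    ctx = root.findtext("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef",
                        namespaces=NS)
    if ctx != TIME_SYNC_TOKEN:
        problems.append(f"authentication context {ctx!r} will not match the 'time' method")
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    for name in required_attrs:
        if not attrs.get(name):
            problems.append(f"missing attribute {name!r} (needed for just-in-time provisioning)")
    return {"name_id": name_id, "authn_context": ctx, "attributes": attrs, "problems": problems}


if __name__ == "__main__":
    md = parse_idp_metadata(SAMPLE_IDP_METADATA)
    print("IDP entityID:", md["entity_id"], "| SSO endpoints:", md["sso"])
    for problem in check_assertion(SAMPLE_ASSERTION, md["entity_id"])["problems"]:
        print("problem:", problem)
```

Run it against a real assertion by decoding the base64 SAMLResponse from the browser's POST to the SP and passing the Assertion element to check_assertion; an empty problems list means the attributes and authentication context line up with what steps 1 and 2 configured.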