webMethods API Portal tutorial
In this tutorial, you will learn how to integrate webMethods API Portal with Azure Active Directory (Azure AD). This integration provides you with the following benefits:
- You can control in Azure AD who has access to webMethods API Portal.
- You can enable your users to be automatically signed-in to webMethods API Portal (Single Sign-On) with their Azure AD accounts.
- You can manage your user accounts in one central location - the Azure portal.
To configure Azure AD integration with webMethods API Portal, you need an Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial.
- webMethods API Portal supports SP and IDP initiated SSO
- webMethods API Portal supports just-in-time user provisioning based on the SAML responses.
Adding new application from the gallery
To configure the integration of webMethods API Portal into Azure AD, you need to add "webMethods Integration Cloud" application from the gallery to your list of managed SaaS apps. To add "webMethods Integration Cloud" from the gallery, perform the following steps:
- In the Azure portal, on the left navigation panel, click Azure Active Directory icon.
- Navigate to Enterprise Applications and then select the All Applications option.
- To add new application, click New application button on the top of dialog.
- In the search box, type "webMethods Integration Cloud", select "webMethods Integration Cloud" from result panel then click Add button to add the application.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal.
To configure Azure AD single sign-on with webMethods API Portal, perform the following steps:
- In the Azure portal, on the "webMethods Integration Cloud" application integration page, select Single sign-on.
- On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.
- On the Set up Single Sign-On with SAML page, click Edit icon to open Basic SAML Configuration dialog.
- On the Basic SAML Configuration section, If you wish to configure the application in IDP initiated mode, perform the following steps:
- In the Identifier text box, type a URL using the following pattern: developers.fazio.com (this would be your DNS of API Portal instance)
- In the Reply URL text box, type a URL using the following pattern: https://developers.fazio.com/umc/rest/initsso (replace developers.fazio.com with your DNS)
- On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click Download to download the Federation Metadata XML from the given options as per your requirement and save it on your computer.
- On the Set up webMethods Integration Cloud section, copy the appropriate URL(s) as per your requirement.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal
- In the Azure portal, in the left pane, select Azure Active Directory, select Users, and then select All users.
- The "Users and groups" and "All users" links
Select New user at the top of the screen.
- Edit the user properties and click Create.
Assign the Azure AD test user
- In the Azure portal, select Enterprise Applications, select All applications, then select webMethods Integration Cloud.
- In the applications list, select webMethods Integration Cloud.
- In the menu on the left, select Users and groups.
- Click the Add user button, then select Users and groups in the Add Assignment dialog.
- In the Users and groups dialog select created user in the Users list, then click the Select button at the bottom of the screen.
Configure webMethods API Portal Single Sign-On
- Navigate to user management console in webmethods API Portal (http://developers.fazio.com/umc)
- Enable SAML and configure the IdP ID, SP ID, Single Signon/Logout URLs
- We wanted to provision the users in UMC based on the SAML response. And hence enable automatically create user flag in UMC.
- Set the authentication comparision context to exact
- Map the attributes of UMC to SAML assertion attributes using attribute mapping.
- Assign default user group(API Consumer) for onboarded users.
Now if you navigate to API Portal home page(http://developer.fazio.com), you will be redirected to azure AD for signing in and then if signing succesful, you will be automatically logged into API Portal.