
Appgate (POST)

Casdoor as a SAML IdP in Appgate

Appgate accepts the SAMLResponse sent by a POST request. If you use another SP that also supports POST requests, you can refer to this document.

Casdoor configuration

Go to your Casdoor and add a new application.

Enter basic SAML configuration in the application:

  • Redirect URLs – Type in a unique name. This may be called Audience or Entity ID in your SP. See the table below.

    Entity ID

  • Reply URL – Type in the URL of the ACS that verifies the SAML response. Refer to the table below.

    Reply URL

| Administrator Authentication | User Authentication |
|---|---|
| Redirect URL = “AppGate” | Redirect URL = “AppGate Client” |
| SAML Reply URL = https://mycontroller.mycompany.com/admin/saml | SAML Reply URL = https://redirectserver.mycompany.com/saml |

Download the XML metadata file

You can copy the URL of metadata and download the file from your browser.

metadata

Add SAML IdP in Appgate

In your AppGate SDP console:

  • Select System > Identity Providers

  • Create a new Identity Provider

  • Choose the type SAML

  • Start configuring your identity provider following the details in the tables below

| Administrator Authentication | |
|---|---|
| Name | Enter a unique name, e.g. "Casdoor SAML Admin" |
| Single Sign-on URL | See below |
| Issuer | See below |
| Audience | Type in the Redirect URL from the Casdoor application |
| Public Certificate | See below |

  • Upload the XML Metadata file to autocomplete Single Sign-On, Issuer and Public Certificate fields

  • Click Choose a file and select the metadata file that you created previously - this will autocomplete the relevant fields

Map Attributes

Map Name to username. Your completed form should look something like this: map_attribute

Test Integration

On your AppGate SDP Controller console:

  • Log out of the admin UI

  • Log in using the following information:

  • Identity Provider – choose your Azure IdP from the drop-down list

  • Click Sign in with browser to connect to your authenticator

  • You may see the following message: “You don’t have any administration rights” – this confirms that the test user credentials have been successfully authenticated by your Identity Provider.

Access Policy

You need to modify the access policy so that the administrator can log in to Appgate through the SAML IdP. Open the Builtin Administrator Policy:

Your completed form should look something like this: appgate_policy.png