Step 4: Verify the Federated Login

Verifying the Federated Login

Federated users can initiate a login from the IdP or SP.

Initiating a login from an IdP, for example, Microsoft Active Directory Federation Services (AD FS) or Shibboleth.
Initiating a login from the SP (HUAWEI CLOUD). You can obtain the login link from the IdP details page on the IAM console.

The IdP-initiated login method depends on the IdP. For details, see the IdP help documentation. This section describes how to initiate a login from the SP.

Log in as a federated user.
On the Identity Providers page of the IAM console, click View in the row containing the IdP. Click to copy the login link displayed in the Basic Information area, open the link using a browser, and then enter the username and password used in the enterprise management system.
Check whether the federated user is logging in as an IAM user.

Redirecting to a Specified Region or Service

You can specify the target page which the federated user will be redirected to after login, for example, the Cloud Eye homepage in the CN-Hong Kong region.

Configuring the login link on the SP
Combine the login link obtained from the console with the specified URL using the format Login link&service=Specified URL. For example, if the obtained login link is https://auth.huaweicloud.com/authui/federation/websso?domain_id=XXX&idp=XXX&protocol=saml and the specified URL is https://console-intl.huaweicloud.com/ces/?region=ap-southeast-1, the login link configured on the SP is https://auth.huaweicloud.com/authui/federation/websso?domain_id=XXX&idp=XXX&protocol=saml&service=https://console-intl.huaweicloud.com/ces/?region=ap-southeast-1
Configuring the login link on the IdP
Configure IAM_SAML_Attributes_redirect_url (the URL to be redirected to) in the SAML assertion of the enterprise IdP.