Use the Maverics API to automate deployments

This guide walks you through the process of automating app deployments using our API. First you’ll create a user flow as a template for the policy and an environment as the deployment strategy for your orchestrators. Our API then enables you to create new applications and automatically deploy the policies.

This guide is structured to provide both overview and detailed instructions, making it suitable for IT professionals and administrators who are tasked with setting up and managing digital identities. We’ll cover the following steps:

• Prepare your environment
• Define your identity fabric
• Create a placeholder application
• Create a user flow with the placeholder
• Generate an access token
• Use the Maverics API

Prepare your environment

Before downloading and deploying an orchestrator, you’ll need to create an environment. For detailed information on how to set up an environment with different cloud storage services, see Configure environments.

When creating your environment:

1. Ensure the environment you configure in the Maverics Cloud Console is configured to be a SAML or OIDC provider with, at minimum, an orchestrator URL.
2. Validate that network and firewall settings allow communication between the auth provider and the orchestrator.
3. Enable the Registration Endpoint, which will allow you to use the Maverics API.

Note that you must provide a URL for your orchestrator, which Maverics can use to automatically define several endpoints. Example endpoints are shown in the configuration example below.

  issuer: https://maverics.sonarsystems.com
  endpoints:
    metadata: https://maverics.sonarsystems.com/idp/saml/metadata.xml
    singleSignOnService: https://maverics.sonarsystems.com/sso
    singleLogoutService: https://maverics.sonarsystems.com/slo

After you’ve created your environment, you will be directed to the Environment page, where you can download and install the orchestrator. See Install an orchestrator.

Define your identity fabric

The Maverics identity fabric includes an identity provider and optional attribute providers. Maverics identity providers integrate with several OIDC and SAML legacy and cloud identity providers and leverage them as either authentication providers or attribute providers. Some identity systems act as both authentication and attribute providers.

Go to Identity Fabric and make a selection in the Identity Services panel on the right. You can select any service for use with a SAML or OIDC app.

For more information on setting up an identity fabric, see Configure identity fabric.

Create a placeholder application

From the Applications page, create either a SAML app or OIDC app.

Use placeholder text for all of the values, as you will only be using this app to set up the user flow.

Click Create to save the configuration.

Create a user flow with the placeholder

Next, you’ll create a user flow selecting the app you’ve created.

From the dashboard, click Create user flow. Alternatively, from the sidebar, click User Flows, and click New. Enter a name for the user flow and select an application to use. Click Create.

When configuring your user flow:

1. Under Authentication Provider, select an IDP you’ve configured.
2. In the Attribute Providers section, select an attribute provider, a username mapping provider, and a username mapping attribute. Click Add to save your attribute. Repeat this process to add multiple attributes.
3. The Claims section allows you to provide additional claims to this user. This maps claims to session attributes provided by the IDP(s) and any optionally defined AttributeProvider(s).
   1. Use the Attribute Providers section to select an attribute provider, a username mapping provider, and a username mapping attribute. Click Add to save your claim. Repeat this process to add multiple claims.
   2. Under NameID mapping, you can define custom NameID mappings in SAML responses. Select a provider and enter the attribute you want to define. Click Add to save the mapping.
   3. If you’ve configured Build Claims or Build Relay State service extensions, you can select them under Service Extensions.
4. To save the complete user flow, click Deploy… at the top of the page.
5. The Choose revision and environment modal appears. The Revision field reflects the latest number. Select an environment to deploy to and click Preview.
6. On the Deployment Preview screen, you can view the revision history and a diff view of the current user flow against the new user flow (if you’re editing an existing user flow).
7. Click Deploy at the top of the screen to deploy the latest revision to your selected environment.

Generate an access token

In order to use the Maverics Console API, you will need to create an access token. Click your user profile menu in the upper right corner and go to Developer settings. From the Developer settings page, click Generate access token.

1. Enter a name for your access token.
2. Select the environment you want to use.
3. Select an expiration option.
4. Click Submit.

Be sure to copy the access token immediately, as you will not be able to access this token again. You will need this token to call the Maverics API.

Use the Maverics API

curl -X POST https://maverics.strata.io/register/saml \
-H "Authorization: Bearer <YOUR_ACCESS_TOKEN>" \
-H "Content-Type: application/json" \
-d '{
 "client_name": "SAML Example",
 "logo_uri": "https://example.com/http.svg",
 "audience": "https://sp.example.org",
 "acs_url": "https://sp.example.org/acs",
 "logout_url": "https://sp.example.org/logout",
 "duration": 400,
 "request_verification": {
 "certificate": "request-verification-certificate"
 },
 "idp_initiated_login": {
"login_url": "https://maverics.sonarsystems.com/example/login",
"relay_state_url": "https://sp.example.org/relay"
 }
}'

{
  "client_name": "SAML Example",
  "logo_uri": "https://example.com/http.svg",
  "audience": "https://sp.example.org",
  "acs_url": "https://sp.example.org/acs",
  "logout_url": "https://sp.example.org/logout",
  "duration": 3500,
  "request_verification": {
      "certificate": "-----BEGIN CERTIFICATE-----"
  },
  "idp_initiated_login": {
      "login_url": "https://maverics.sonarsystems.com/example/login",
      "relay_state_url": "https://sp.example.org/relay"
  },
  "metadata_url": "https://maverics.sonarsystems.com:8443/metadata",
  "public_key": "Certificate: ...",
  "registration_access_token": "",
  "registration_client_uri": ""
}

curl -X POST https://maverics.strata.io/register/oidc \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"application_type": "oidc",
"redirect_uris": [
  "https://client.example.com/callback",
  "https://client.example.com/callback2"
],
"client_name": "Example Client",
"subject_type": "pairwise",
"sector_identifier_uri": "https://other.example.com/file_of_redirect_uris.json",
"token_endpoint_auth_method": "client_secret_basic",
"jwks_uri": "https://client.example.com/my_public_keys.jwks",
"userinfo_encrypted_response_alg": "RSA1_5",
"userinfo_encrypted_response_enc": "A128CBC-HS256",
"contacts": [
  "[email protected]",
  "[email protected]"
]
}'

{
"application_type": "oidc",
"redirect_uris": [
  "https://client.example.com/callback",
  "https://client.example.com/callback2"
],
"client_name": "Example Client",
"logo_uri": "",
"subject_type": "pairwise",
"sector_identifier_uri": "https://other.example.com/file_of_redirect_uris.json",
"token_endpoint_auth_method": "client_secret_basic",
"jwks_uri": "https://client.example.com/my_public_keys.jwks",
"userinfo_encrypted_response_alg": "RSA1_5",
"userinfo_encrypted_response_enc": "A128CBC-HS256",
"contacts": [
  "[email protected]",
  "[email protected]"
],
"request_uris": null,
"client_id": "03e9d59e-ac2e-4285-aa34-52a6cf09aea9",
"client_secret": "fr-GqEYyXoirjNIpW9dJOtiRlVaraBoR",
"client_secret_expires_at": 0,
"registration_access_token": "",
"registration_client_uri": ""
}

By following the steps outlined in this guide, you have successfully set up automated app deployment in Maverics, laying the groundwork for a robust and secure identity management system.