Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML



Similar documents
ADFS Integration Guidelines

CA Nimsoft Service Desk

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

ADFS for. LogMeIn and join.me authentication

Fairsail. Implementer. Single Sign-On with Fairsail and Microsoft Active Directory Federation Services 2.0. Version 1.92 FS-SSO-XXX-IG R001.

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

SAML 2.0 Configurations at SAP NetWeaver AS ABAP and Microsoft ADFS

Microsoft Office 365 Using SAML Integration Guide

Active Directory Federation Services

CONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

VMware Identity Manager Integration with Active Directory Federation Services 2.0

How To Use Saml 2.0 Single Sign On With Qualysguard

EVault Endpoint Protection 7.0 Single Sign-On Configuration

T his feature is add-on service available to Enterprise accounts.

App Orchestration 2.5

Security Assertion Markup Language (SAML) Site Manager Setup

Egnyte Single Sign-On (SSO) Installation for OneLogin

AvePoint Meetings for SharePoint On-Premises. Installation and Configuration Guide

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Configuring Active Directory with AD FS and SAML for Brainloop Secure Dataroom Setup Guide

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow

ECA IIS Instructions. January 2005

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.

ACTIVID APPLIANCE AND MICROSOFT AD FS

App Orchestration 2.0

Egnyte Single Sign-On (SSO) Installation for Okta

Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server

Safewhere*PasswordReset

Single Sign On for ShareFile with NetScaler. Deployment Guide

SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE)

Exostar LDAP Proxy / Secure Setup Guide. This document provides information on the following topics:

Working with Office Applications and ProjectWise

etoken Enterprise For: SSL SSL with etoken

SAP NetWeaver AS Java

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

SharePoint SAML-based Claims Authentication with A10 Thunder ADC

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

Introduction to Directory Services

Connected Data. Connected Data requirements for SSO

Configuring EPM System for SAML2-based Federation Services SSO

SAML Single-Sign-On (SSO)

AWS Management Portal for vcenter. User Guide

Exchange Outlook Profile/POP/IMAP/SMTP Setup Guide

Installation Guide. SafeNet Authentication Service

How to use Certificate in Microsoft Outlook

Extracting an S/MIME certificate from a digital signature

AD FS 2.0 Step-by-Step Guide: Federation with Ping Identity PingFederate

Getting Started with AD/LDAP SSO

Certificate Management for your ICE Server

Copyright: WhosOnLocation Limited

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

Integration Overview. Web Services and Single Sign On

Account Create for Outlook Express

Moodle and Office 365 Step-by-Step Guide: Federation using Active Directory Federation Services

Cox Managed CPE Services. RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft]

360 Online authentication

Lifesize Cloud Table of Contents

Xopero Backup Build your private cloud backup environment. Getting started

This guide identifies two possible enterprise integration scenarios for NetScaler and Azure AD.

IMAP and SMTP Setup in Clients

Interact for Microsoft Office

How To Connect Your Event To PayPal

AUSTRALIAN CUSTOMS AND BORDER PROTECTION SERVICE TYPE 3 CERTIFICATE 2014 INSTALLATION GUIDE

Verify LDAP over SSL/TLS (LDAPS) and CA Certificate Using Ldp.exe

Authentication Methods

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.

Installing and Configuring vcenter Support Assistant

Virtual Office Remote Installation Guide

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

Deploying RSA ClearTrust with the FirePass controller

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

Integrating WebSphere Portal V8.0 with Business Process Manager V8.0

Setup Guide for AD FS 3.0 on the Apprenda Platform

How to set up Outlook Anywhere on your home system

Configuring Salesforce

Gateway-to-Gateway VPN with Certificate

OneLogin Integration User Guide

Zendesk SSO with Cloud Secure using MobileIron MDM Server and Okta

Releasing blocked in Data Security

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3)

Exchange Outlook Profile/POP/IMAP/SMTP Setup Guide

Thirtyseven4 Endpoint Security (EPS) Upgrading Instructions

+27O.557+! RM Auditor Additions - Web Monitor. Contents

BEA Weblogic Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate

Secure IIS Web Server with SSL

Cloud Services. Sharepoint. Admin Quick Start Guide

WebLogic Server 6.1: How to configure SSL for PeopleSoft Application

idp Connect for OutSystems applications

Setting Up Resources in VMware Identity Manager

Jeff Schertz MVP, MCITP, MCTS, MCP, MCSE

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Gateway

Single Sign-On Implementation Guide

Installation Guide v3.0

WHITE PAPER Citrix Secure Gateway Startup Guide

Transcription:

Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML --------------------------------------------------------------------------------------------------------------------------- Contents Overview... 2 General ADFS Setup... 2 WhosOnLocation Settings... 4 ADFS Relying Party Configuration... 5 ADFS Relying Party Claim Rules... 6 Logging into ADFS... 8 1 P age

Overview SAML 2.0 single sign-on (SSO) supports integration with Microsoft Active Directory Federation Services (ADFS) 3.0. General ADFS Setup This procedure uses ADFS 3.0 and shows samlportal.example.com as the ADFS website. Replace this with your ADFS website address. 1. Log into the ADFS server and open the management console. 2. Right-click Service and choose Edit Federation Service Properties... Figure 1 - Editing federation services properties 3. Confirm that the General settings match your DNS entries and certificate names. Take note of the Federation Service Identifier, since that is used in the WhosOnLocation SAML configuration settings. 2 P age

Figure 2 - Federation Service Identifier 4. Browse to the certificates and export the Token-Signing certificate. a) Right-click the certificate and select View Certificate. b) Select the Details tab. c) Click Copy to File. The Certificate Export Wizard launches. d) Select Next. e) Ensure No, do not export the private key is selected, and then click Next. 3 P age

f) Select DER encoded binary X.509 (.cer), and then click Next. g) Select where you want to save the file and give it a name. Click Next. h) Select Finish. WhosOnLocation requires that this certificate be in PEM format. You can convert this certificate using client tools or even online tools such as: SSL Shopper. Use the DER/Binary certificate we just created and export it to Standard PEM format. WhosOnLocation Settings With your SAML server configured and the information you need for setting up SAML in WhosOnLocation at hand, log in to your WhosOnLocation as an administrator and follow this procedure. Figure 3 - WhosOnLocation SAML configuration To enable SAML in your WhosOnLocation fill out the following options on your WhosOnLocation security page. 4 P age

Issuer URL This is the Federation Service Identifier from ADFS SSO Endpoint This is the URL that WhosOnLocation will invoke to redirect users to your Identity Provider. SLS Endpoint This is the URL that WhosOnLocation will return your users to after they log out. Certificate Paste your PEM certificate from the previous section Select Save SAML Configuration and then click the Download Metadata button at the bottom of the screen, this will provide you with a metadata file for the next section. Under the Our Parameters section you will find all the URL values that need to be entered in to ADFS, copy or make a note of these. Figure 4 - WhosOnLocation SAML settings ADFS Relying Party Configuration At this point you can take the WhosOnLocation Metadata and import it into your ADFS server. However, manual configuration of the relying party appears to be easier to implement. 5 P age

1. Open the ADFS Management console and select Relying Party Trusts. 2. Select Add Relying Party Trust from the top right corner of the window. 3. Click Start to begin. 4. Use the Import File option to import the metadata file. 5. Give it a display name such as WhosOnLocation and enter any notes you want. 6. Select ADFS 3.0 Profile. 7. Do not select a token encryption certificate. It will use the certificate that is defined on the service that has already been exported. Defining a certificate here will prevent proper communication with WhosOnLocation. 8. Do not enable any settings on the Configure URL. 9. Enter the entityid as shown on the WhosOnLocation SAML screen as the Relying Party trust identifier (e.g. https://login.whosonlocation.com/saml/metadata/123456) and click Add. 10. Permit all users to access this relying party. 11. Click Next and clear the Open the Claims when this finishes check box. 12. Close this page. The new relying party trust appears in the window. 13. Right-click on the relying party trust and select Properties. 14. Browse to the Advanced tab and set the Secure hash algorithm to SHA-1. 15. Browse to the Endpoints tab and add a SAML Assertion Consumer with a Post binding and the Consumer URL as shown on the WhosOnLocation SAML screen (e.g. https://login.whosonlocation.com/saml/acs/123456). ADFS Relying Party Claim Rules Edit the Claim rules to enable proper communication with WhosOnLocation. 1. Right-click on the relying party trust and select Edit Claim Rules. 2. On the Issuance Transform Rules tab select Add Rules. 6 P age

3. Select Send LDAP Attribute as Claims as the claim rule template to use. 4. Give the claim a name such as Get LDAP Attributes. 5. Set the Attribute Store to Active Directory, the LDAP Attribute to E-Mail-Addresses, and the Outgoing Claim Type to E-mail Address. Figure 5 - Editing a rule 6. Select Finish. 7. Select Add Rule. 8. Select Transform an Incoming Claim as the claim rule template to use. 9. Give it a name such as Email to Name ID. Incoming claim type should be E-mail Address (it must match the Outgoing Claim Type in rule #1. The Outgoing claim type is Name ID (this is requested in 7 P age

WhosOnLocation policy urn:oasis:names:tc:saml:1.1:nameid-format:emailaddress) and the Outgoing name ID format is Email. Pass through all claim values and click Finish. Figure 6 - Editing a rule Logging into ADFS 1. Browse to your ADFS sign-on page (e.g. https://samportal.example.com/adfs/ls/idpinitiatedsignon.aspx) This opens a generic page with a drop down list of all Relying Party Trusts configured. 2. Select the one you want to log in to and click on Continue to Sign In. If WhosOnLocation SAML is configured properly you will be logged in to the application, any errors will be displayed on the screen and the standard login form shown. 8 P age

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information