Adobe Sign. Enabling SAML Single Sign-On with Microsoft Active Directory Federation Services Reference Guide


Enabling SAML Single Sign-On with Microsoft Active Directory Federation Services Reference Guide

2016 Adobe Systems Incorporated. All Rights Reserved. Products mentioned in this document, such as the services of identity provider Microsoft Active Directory Federation, retain all of the copyrights and trademark rights of their specific corporations. Last Updated: June 17, 2016

Table of Contents
Overview ... 3
Installing the Active Directory Domain Service ... 3
Installing the Active Directory Federation Service ... 3
Adding Adobe Sign as a relying party ... 12
Adding the Certificate from Adobe Sign ... 25
Adobe Sign specific settings ... 25
Certificate Creation ... 26

Adobe Sign Enabling SAML Single Sign On with Microsoft Active Directory Federation Services 2

Overview

This document describes the process for setting up Single Sign On for Adobe Sign using Microsoft Active Directory Federation Service. Before proceeding, please review the Adobe Sign Single Sign On Using SAML Guide, which describes the SAML set-up process and provides detailed information on the SAML Settings in Adobe Sign.

The process of setting up SAML SSO includes the following:
- Installing the Active Directory Domain Service
- Installing the Active Directory Federation Service
- Creating a Test User
- Adding Adobe Sign as a relying party

Installing the Active Directory Domain Service

Before configuring SAML for MSAD, you must install the Active Directory Domain Service if it is not already installed. You must have system administrator privileges in Windows Server to install Active Directory Domain Services.

Installing the Active Directory Federation Service

1. If required, launch the Server Manager, then click Dashboard.
2. In the Dashboard, click Add roles and features. The Add Roles and Features Wizard displays.
3. In the Select installation type dialog, select Role-based or feature-based installation, then click Next.
4. In the Select destination server dialog of the wizard, leave the Select a server from the server pool option enabled, select a Server Pool, then click Next.
5. In the Select server roles dialog, select Active Directory Federation Services, then click Next.
6. In the Confirm installation selections dialog of the wizard, accept all the defaults by clicking Install.
7. On the post-install options, select Create the first federation server in a federation server farm.
8. On the Welcome page, leave the options as they are and click Next.
9. In the Connect to Active Directory Domain Services dialog of the wizard, select the Administrator account if it is not selected by default, then click Next.
10. In the Specify Service Properties dialog, import the .pfx file that you created using the steps defined in the Certificate Creation section, enter a Federation Service Display Name, then click Next.
11. In the Specify Service Account dialog, select Use an existing domain user account or group Managed Service Account. Use Administrator as the service account and provide your administrator password, then click Next.
12. In the Specify Configuration Database dialog, select Create a database on this server using Windows Internal Database, then click Next.
13. In the Review Options dialog, click Next.
14. In the Prerequisite Checks dialog, once the prerequisite check is done, click Configure.
15. In the Results dialog, ignore the warning and click Close.

Adding Adobe Sign as a relying party

1. From the Apps menu, launch AD Federation Service Management.
2. In the AD FS console, select Authentication Policies, then Edit.
3. In the Edit Global Authentication Policy dialog, under both Extranet and Intranet, enable Forms Authentication.
4. In the AD FS console, under Trust Relationships, select Relying Party Trusts and click Add Relying Party Trust. The Add Relying Party Trust wizard displays.
5. In the Select Data Source dialog of the wizard, enable the Enter data about the relying party manually option, then click Next.
6. In the Specify Display Name dialog, enter a Display Name, then click Next.
7. In the Choose Profile dialog, enable the AD FS profile option, then click Next.
8. In the Configure Certificate dialog there is no certificate to configure, so click Next.
9. In the Configure URL dialog, select Enable support for the SAML 2.0 WebSSO protocol and enter the Assertion Consumer URL from Adobe Sign, then click Next. (See the Single Sign On with SAML Guide for more information about the Assertion Consumer URL.)
10. In the Configure Identifiers dialog, enter http://echosign.com for Relying party trust identifier and click Add, then click Next.
11. In the next screen, leave the defaults as they are, and click Next.
12. In the Choose Issuance Authorization Rules dialog, confirm that the Permit all users to access the relying party option is enabled.
13. In the Ready to Add Trust dialog, click Next.
14. In the Finish dialog, click Close.
15. In the Edit Claim Rules dialog, click Add Rule. The Add Transform Claim Rule Wizard displays.
16. In the Select Rule Template dialog of the wizard, select Send LDAP Attributes as Claims from the Claim rule template drop-down.
17. In the Configure Rule dialog, select the options shown in the dialog and click Finish. Adobe Sign only supports the email address as the unique identifier, so you need to select E-Mail-Addresses as the LDAP Attribute and E-Mail Address as the Outgoing Claim.
18. When the Select Rule Template dialog of the wizard redisplays, select Send Claims Using a Custom Rule from the Claim rule template drop-down, then click Next.
19. In the Configure Rule dialog, enter the following:
   o Name of rule: enter EmailToNameId
   o Custom rule description: enter the following:

   c:[type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
    => issue(type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.issuer, OriginalIssuer = c.originalissuer, Value = c.value, ValueType = c.valuetype, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:saml:1.1:nameid-format:emailaddress", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "");

   This rule copies the value of the e-mail address claim issued by the LDAP rule into the SAML NameID, with the NameID format set to emailaddress, which is the identifier Adobe Sign matches against the user's account.
20. Click Finish. The Add Transform Claim Rule Wizard closes.
21. Back in the Edit Claim Rules for Adobe Sign dialog, click the Issuance Authorization Rules tab and the Delegation Authorization Rules tab and ensure that Permit Access to All Users is enabled for both. If not, add a rule so that Permit Access to All Users is enabled.

22. Click OK to accept all changes and close the Edit Claim Rules for Adobe Sign dialog.

Adding the Certificate from Adobe Sign

1. In the AD FS console, under Trust Relationships, select the Adobe Sign Relying Party and click Properties.
2. Once launched, select Authentication Policies and then Edit.
3. Select the Signature tab.
4. Click Add and add the SP certificate file you downloaded from Adobe Sign. (See the Single Sign On with SAML Guide for more information about the SP certificate.)
5. Select the Advanced tab and change the Secure Hash Algorithm to SHA-1.
6. Select the Endpoints tab and add the Single Logout (SLO) URL from Adobe Sign. (See the Single Sign On with SAML Guide for more information about the Single Logout (SLO) URL.)
7. Disable Claims Encryption: open PowerShell on the ADFS server and type
8. Set-ADFSRelyingPartyTrust -TargetName "Adobe Sign" -EncryptClaims $false

Adobe Sign specific settings

The account should have:
- SAML_AVAILABLE=true
- Host Name
- SAML Mode
- ACCOUNT_USER_ADD_EMAIL_DOMAINS set to, for example, dev.com

Select the token signing certificate in ADFS and export it as a .cer file (do not export the private key) and add it to the account admin's SAML Settings page in Adobe Sign. Open this certificate file in Notepad and, as the Adobe Sign Admin, copy its contents into the IdP Certificate field in SAML Settings. Now you should be able to test.

Certificate Creation

1. On Windows, install openssl. On Mac, openssl is present.
2. Launch a command prompt and type:

   openssl req -x509 -newkey rsa:2048 -keyout <yourkeyname>.pem -out <yourkeynamecer>.pem -days <#ofdays>

   Enter the following:
   - Country code: US
   - State: California
   - City: San Jose
   - Enter some Organization and Organization unit
   - Common Name: this is the fully qualified name that is the same as your host system name, for example sjtest.es.com
3. Now create the pkcs12 key:

   openssl pkcs12 -export -in <yourkeynamecer>.pem -inkey <yourkeyname>.pem -out my_pkcs12.pfx

4. Enter a password when prompted.
5. Click Import (in the Specify Service Properties dialog), select the my_pkcs12.pfx created above, and enter the password that you provided at pkcs12 export time when prompted.
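The relying party trust built through the wizard in the Adding Adobe Sign as a relying party and Adding the Certificate from Adobe Sign sections (identifier, assertion consumer and SLO endpoints, the two claim rules, the SP signing certificate, SHA-1 and claims encryption off) can also be applied in one pass with the ADFS PowerShell module. The script below is an added example and not part of the Adobe guide; the URLs, certificate path and the hypothetical rule name "Email" are placeholders, and the LDAP rule is written in the form ADFS generates for the Send LDAP Attributes as Claims template.

```powershell
# Added example: scripted equivalent of the GUI steps in this guide.
# Placeholders (assumptions): replace with the values shown on the
# Adobe Sign SAML Settings page and the SP certificate you downloaded.
Import-Module ADFS

$AcsUrl = "https://ACS-URL-FROM-ADOBE-SIGN/"      # Assertion Consumer URL
$SloUrl = "https://SLO-URL-FROM-ADOBE-SIGN/"      # Single Logout URL
$SpCert = "C:\certs\adobesign-sp.cer"             # SP certificate from Adobe Sign
$RpName = "Adobe Sign"

# Claim rules as described in steps 16-19: AD mail attribute -> emailaddress
# claim, then emailaddress -> NameID in emailAddress format.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Email"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleName = "EmailToNameId"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:saml:1.1:nameid-format:emailaddress", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "");
'@

# "Permit all users to access the relying party" (steps 12 and 21).
$permitAll = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# SAML endpoints: ACS (step 9) and SLO (Adding the Certificate, step 6).
$acs = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $AcsUrl -Index 0
$slo = New-AdfsSamlEndpoint -Binding Redirect -Protocol SAMLLogout -Uri $SloUrl

Add-AdfsRelyingPartyTrust -Name $RpName `
    -Identifier "http://echosign.com" `
    -SamlEndpoint @($acs, $slo) `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $permitAll `
    -DelegationAuthorizationRules $permitAll `
    -RequestSigningCertificate (Get-PfxCertificate -FilePath $SpCert) `
    -SignatureAlgorithm "http://www.w3.org/2000/09/xmldsig#rsa-sha1" `
    -EncryptClaims $false

# Read the trust back and confirm the settings the guide asks for
# (SHA-1 as the guide specifies; ADFS defaults to SHA-256).
Get-AdfsRelyingPartyTrust -Name $RpName |
    Select-Object Name, Identifier, EncryptClaims, SignatureAlgorithm,
        @{ n = 'Endpoints'; e = { $_.SamlEndpoints.Location } }
```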