Configuring Alfresco Cloud with ADFS 3.0


Prerequisites: You have a working domain on your Windows Server 2012 and have successfully installed ADFS. For these instructions, I created:
alfresco.me as the domain
adfs.alfresco.me as the Federation Service Name

Before you proceed, make sure that the ADFS installation and post-install configuration were successful by accessing the following URLs:

ADFS metadata (there should be no errors):
https://<federation service name>/federationmetadata/2007-06/federationmetadata.xml

And the ADFS IdP-initiated sign-on page:
https://<federation service name>/adfs/ls/idpinitiatedsignon

For example, for my configuration I can access them on:
https://adfs.alfresco.me/federationmetadata/2007-06/federationmetadata.xml
https://adfs.alfresco.me/adfs/ls/idpinitiatedsignon

Step 1 - Configuring Alfresco Cloud

1.1 Log in as a Network Admin, navigate to Account Settings and enable SAML.

1.2 For the IdP AuthenticationRequest Service URL, type in the Location of the SingleSignOnService element within the ADFS metadata (https://<federation service name>/federationmetadata/2007-06/federationmetadata.xml).
Notice: As we only support the HTTP-POST binding, copy the Location of the HTTP-POST service only (the metadata also lists an HTTP-Redirect service, which Alfresco Cloud does not use). E.g.
<SingleSignOnService Location="https://adfs.alfresco.me/adfs/ls/" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>

1.3 For the IdP SingleLogoutRequest Service URL and IdP SingleLogoutResponse Service URL, type in the Location of the HTTP-POST SingleLogoutService element within the ADFS metadata. E.g.
<SingleLogoutService Location="https://adfs.alfresco.me/adfs/ls/" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>

1.4 To upload the IdP certificate, first export the ADFS token-signing certificate (the certificate Alfresco Cloud will use to verify the signature on every SAML response) by following the steps below:
1. Go to AD FS Management (Server Manager -> Tools), then Service -> Certificates.
2. Under the Token-signing section, right click on the certificate and select View Certificate.
3. On the Details tab, click Copy to File, then Next.
4. Make sure DER encoded binary X.509 (.CER) is selected.

5. On the next screen, select where you want to save the file and give it a name. Then Save -> Next -> Finish.
6. Now upload the exported certificate into Alfresco.
Notice: ADFS renews its token-signing certificate automatically when AutoCertificateRollover is enabled (the default, once a year). When the new certificate becomes primary, the copy uploaded to Alfresco must be replaced, or signature validation of the ADFS responses will fail.

1.5 Now save the settings. Also, while you are in the SAML settings page, download the Alfresco SAML metadata (SP metadata) and the Alfresco SAML certificate (SP public certificate). These will be used during ADFS configuration.
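The checks in Step 1 can be done from PowerShell instead of reading the metadata by hand. The following script is an added example, not part of the original guide: it verifies both prerequisite URLs, pulls the HTTP-POST SSO and SLO locations that go into the Alfresco settings, checks that the signing certificate published in the metadata is the primary token-signing certificate of this farm, and exports that certificate as DER for step 1.4. The federation service name adfs.alfresco.me and the output folder C:\temp are assumptions; Get-AdfsCertificate and Get-AdfsProperties need the ADFS module, so run the script in an elevated session on the ADFS server.

```powershell
# Added example (not from the original guide). Assumed values: the federation
# service name "adfs.alfresco.me" and the output folder C:\temp.
$FederationService = 'adfs.alfresco.me'
$MetadataUrl = "https://$FederationService/federationmetadata/2007-06/federationmetadata.xml"
$SignOnUrl   = "https://$FederationService/adfs/ls/idpinitiatedsignon"
$OutDir      = 'C:\temp'

# 1. Both prerequisite URLs must answer with HTTP 200 (over a trusted TLS chain).
foreach ($url in $MetadataUrl, $SignOnUrl) {
    $resp = Invoke-WebRequest -Uri $url -UseBasicParsing
    if ($resp.StatusCode -ne 200) { throw "Unexpected status $($resp.StatusCode) for $url" }
}

# 2. Alfresco Cloud only uses the HTTP-POST binding, so select those endpoints only.
[xml]$md = (Invoke-WebRequest -Uri $MetadataUrl -UseBasicParsing).Content
$idp  = $md.EntityDescriptor.IDPSSODescriptor
$post = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
$sso  = @($idp.SingleSignOnService | Where-Object { $_.Binding -eq $post })[0]
$slo  = @($idp.SingleLogoutService | Where-Object { $_.Binding -eq $post })[0]
if (-not $sso -or -not $slo) { throw 'Metadata has no HTTP-POST SingleSignOnService/SingleLogoutService' }

# 3. The signing certificates published in the metadata are what Alfresco will
#    verify assertions against. The primary token-signing certificate must be
#    among them (during a rollover both old and new are published).
$published = @($idp.KeyDescriptor | Where-Object { $_.use -eq 'signing' } | ForEach-Object {
    $bytes = [Convert]::FromBase64String($_.KeyInfo.X509Data.X509Certificate)
    (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)).Thumbprint
})
$primary = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
if ($published -notcontains $primary.Thumbprint) {
    throw "Primary token-signing cert $($primary.Thumbprint) is not published in the metadata"
}

# 4. Export the primary token-signing certificate as DER (.cer) for upload in step 1.4.
$cerPath = Join-Path $OutDir "$FederationService-token-signing.cer"
[IO.File]::WriteAllBytes($cerPath, $primary.Certificate.Export('Cert'))

# Values to type into the Alfresco Cloud SAML settings page (steps 1.2 and 1.3).
[pscustomobject]@{
    'IdP AuthenticationRequest Service URL' = $sso.Location
    'IdP SingleLogoutRequest Service URL'   = $slo.Location
    'IdP SingleLogoutResponse Service URL'  = $slo.Location
    'Token-signing certificate (DER)'       = $cerPath
    'Certificate expires'                   = $primary.Certificate.NotAfter
    'AutoCertificateRollover'               = (Get-AdfsProperties).AutoCertificateRollover
}
```

The last two fields are there because the uploaded certificate becomes invalid as soon as ADFS rolls the token-signing certificate over; note the expiry date and re-run the script after a rollover to get the new file.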

Step 2 - Adding a Relying Party Trust (RPT)

Select the Relying Party Trusts folder from AD FS Management (Server Manager -> Tools -> AD FS Management -> expand Trust Relationships), right click on Relying Party Trusts and select Add Relying Party Trust... This starts the configuration wizard for a new trust (click on Start).

2.1 In the Select Data Source screen, select the last option, Enter data about the relying party manually.

2.2 On the next screen, enter a Display name that you'll recognize in the future, and any notes you may want to make.

2.3 On the next screen, select the AD FS profile radio button.

2.4 On the next screen (the optional token encryption certificate), leave the default certificate settings.

2.5 On the next screen, check the box labelled Enable support for the SAML 2.0 WebSSO protocol and type in the Assertion consumer service URL, which you need to get from the Alfresco Cloud metadata (in the metadata look for the AssertionConsumerService element and copy the Location value). E.g.
<md:AssertionConsumerService isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:8443/share/alfresco.me/saml/authnresponse" index="0"/>

2.6 On the next screen, add a Relying party trust identifier. This must match the Entity Identification (Issuer) value in the Alfresco Cloud Settings page exactly, because ADFS selects the trust by comparing the Issuer of the incoming AuthnRequest with this identifier.

2.7 On the next screen, select I do not want to configure multi-factor authentication settings for this relying party trust at this time.

2.8 On the next screen, select Permit all users to access this relying party.
Notice: this lets every account in the domain obtain a token for Alfresco Cloud. In production, restrict access with an issuance authorization rule tied to an AD group.

2.9 Just click Next, as there is nothing to do in the Ready to Add Trust screen.

2.10 On the final screen, make sure the checkbox is checked and click Close to exit, which opens the Edit Claim Rules editor.

Step 3 - Creating Claim Rules

Once the relying party trust has been created, you can create the claim rules and update the relying party settings that weren't set by the wizard. By default, the claim rule editor opens once you have created the trust (if the editor doesn't open, right click on the relying party name that you created in Step 2 and select Edit Claim Rules...).

3.1 To create a new rule, click on Add Rule, then create a Send LDAP Attributes as Claims rule.

3.2 On the next screen, enter a name for the rule (e.g. LDAP Attributes), and do the following:
1. Select Active Directory for the Attribute store.
2. From the LDAP Attribute column, select E-Mail-Addresses.
3. For the Outgoing Claim Type, type Email.
Notice: Email is the claim name that Alfresco Cloud expects to be present in the SAML response.
4. From the LDAP Attribute column, select User-Principal-Name.
5. For the Outgoing Claim Type, select Name ID.
Notice: We must add the Name ID in order to make ADFS send the SessionIndex with the response. Without the Name ID, ADFS does not include the SessionIndex in the response. You need the SessionIndex in order to use Alfresco Single Logout; without it, Alfresco only logs you out locally.

3.3 Click OK to save the new rule.

3.4 Create another rule by clicking Add Rule, this time selecting Transform an Incoming Claim as the rule template.

3.5 On the next screen, enter a name for the rule (e.g. Email Transform), and do the following:
1. Select E-Mail Address as the Incoming claim type.
2. For Outgoing claim type, select Name ID.
3. For Outgoing name ID format, select Email.
4. Select Pass through all claim values.
Finally, click OK to create the claim rule, and then OK again to finish creating rules.

Step 4 - Adjusting the relying party trust settings

You still need to adjust/add a few settings on your relying party trust. To access these settings, go to AD FS Management (Server Manager -> Tools), under Trust Relationships right click the relying party trust which you created in Step 2 and select Properties.

4.1 In the Advanced tab, switch the Secure hash algorithm from SHA-256 to SHA-1.
Notice: SHA-1 is a deprecated signature hash. This setting only affects the signatures ADFS puts on tokens for this one relying party, so keep it only for as long as the service provider cannot validate SHA-256 signatures, and leave the other trusts on SHA-256.

4.2 In the Endpoints tab, click Add SAML... to add a new endpoint:
1. For the Endpoint type, select SAML Logout.
2. For the Binding, choose POST.
3. For the Trusted URL, enter the Alfresco Cloud logout service location, which you need to get from the Alfresco Cloud metadata (in the metadata look for the SingleLogoutService element and copy the Location value).
4. For the Response URL, enter the Alfresco Cloud logout response service location (in the metadata look for the SingleLogoutService element and copy the ResponseLocation value). E.g.
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:8443/share/alfresco.me/saml/logoutrequest" ResponseLocation="https://localhost:8443/share/alfresco.me/saml/logoutresponse"/>
5. Click OK.

4.3 Select the Signature tab and add the Alfresco certificate which you downloaded from the Alfresco SAML Settings page in step 1.5. ADFS uses this certificate to verify the signatures on the AuthnRequests and LogoutRequests that Alfresco Cloud sends, so make sure it is the SP public certificate and not the ADFS token-signing certificate.
Notice: If there is a warning about the length of the certificate's key, just click Yes.

4.4 Confirm your changes by clicking OK on the RPT properties. You should now have a working RPT for Alfresco Cloud.
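Steps 2 to 4 can also be done in one go with the ADFS PowerShell module, which is useful when the trust has to be rebuilt or reproduced on a second farm. The script below is an added example, not part of the original guide. It assumes the SP metadata downloaded in step 1.5 is saved as C:\temp\alfresco-sp-metadata.xml, that its entityID is the Entity Identification (Issuer) value shown on the Alfresco Cloud settings page, and that its signing KeyDescriptor contains the SP public certificate from step 1.5. The claim rules are the rule-language form of the two rules from Step 3. Run it in an elevated PowerShell session on the ADFS server.

```powershell
# Added example (not from the original guide). Assumed: SP metadata path below,
# entityID == Entity Identification (Issuer) in Alfresco, SP cert in the metadata.
$SpMetadataPath = 'C:\temp\alfresco-sp-metadata.xml'
$TrustName      = 'Alfresco Cloud'
$Post           = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'

[xml]$sp = Get-Content -Path $SpMetadataPath -Raw
$spd = $sp.EntityDescriptor.SPSSODescriptor
$acs = @($spd.AssertionConsumerService | Where-Object { $_.Binding -eq $Post })[0]
$slo = @($spd.SingleLogoutService     | Where-Object { $_.Binding -eq $Post })[0]
if (-not $acs -or -not $slo) { throw 'SP metadata lacks HTTP-POST AssertionConsumerService/SingleLogoutService' }

# SP request-signing certificate (step 4.3): ADFS verifies signed AuthnRequests
# and LogoutRequests from Alfresco with it. A KeyDescriptor without "use" covers both uses.
$keyDesc = @($spd.KeyDescriptor | Where-Object { -not $_.use -or $_.use -eq 'signing' })[0]
$spBytes = [Convert]::FromBase64String($keyDesc.KeyInfo.X509Data.X509Certificate)
$spCert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$spBytes)

# Endpoints: the ACS from step 2.5 and the SAML Logout endpoint from step 4.2
# (Trusted URL = Location, Response URL = ResponseLocation).
$endpoints = @(
    (New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $acs.Location -Index 0 -IsDefault $true),
    (New-AdfsSamlEndpoint -Binding POST -Protocol SAMLLogout -Uri $slo.Location -ResponseUri $slo.ResponseLocation)
)

# Step 3 claim rules in the ADFS claim rule language, as the wizard generates them for
# "Send LDAP Attributes as Claims" (mail -> Email, UPN -> Name ID) and
# "Transform an Incoming Claim" (E-Mail Address -> Name ID with the email format).
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "LDAP Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("Email", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail,userPrincipalName;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Email Transform"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Step 2.8 "Permit all users". Scope this to an AD group before going to production.
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name $TrustName `
    -Identifier $sp.EntityDescriptor.entityID `
    -SamlEndpoint $endpoints `
    -RequestSigningCertificate $spCert `
    -IssuanceTransformRules $issuanceRules `
    -IssuanceAuthorizationRules $authzRules `
    -SignatureAlgorithm 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'   # step 4.1; the ADFS default is rsa-sha256

# Read the trust back to confirm identifier, hash algorithm and both endpoints.
Get-AdfsRelyingPartyTrust -Name $TrustName |
    Select-Object Name, Identifier, SignatureAlgorithm,
        @{ n = 'Endpoints'; e = { $_.SamlEndpoints | ForEach-Object { "$($_.Protocol) $($_.Location)" } } }
```

Switching back to SHA-256 later is a single call: Set-AdfsRelyingPartyTrust -TargetName 'Alfresco Cloud' -SignatureAlgorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'.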

Step 5 - Testing your settings

5.1 First, create a user in the Windows Server Active Directory.

5.2 Add an email for the created user (right click on the created user, select Properties, and then add an email that matches your Alfresco Cloud Network and Windows Server domain). For example, I created a user with a username of user1 under the alfresco.me domain with an email of user1@alfresco.me.

5.3 Go to https://<federation service name>/adfs/ls/idpinitiatedsignon

5.4 Select the RPT which you created in Step 2, and Sign in.

5.5 After successful authentication, you should be redirected to Alfresco Cloud.

Step 6 - ADFS Logs

To locate the ADFS logs, do the following:
1. Open the Event Viewer snap-in. To open Event Viewer, on the Start screen, type Event Viewer.
2. In the console tree, expand Applications and Services Logs, expand AD FS, and then click Admin.
3. In the Filter Current Log dialog box, for Event level, verify that the following check boxes are selected for these levels of events: Warning, Information, and Error. Click OK.
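The test user of Step 5 and the log check of Step 6 can be scripted as well. The following is an added example, not part of the original guide. It assumes the alfresco.me domain, a test user named user1, and the ActiveDirectory module (RSAT) on the machine where it runs; run it elevated on the ADFS server so that the AD FS/Admin log is local.

```powershell
# Added example (not from the original guide). Assumed: domain alfresco.me, user1,
# ActiveDirectory module available, script run on the ADFS server.
$Domain   = 'alfresco.me'
$UserName = 'user1'
$Email    = "$UserName@$Domain"

# Steps 5.1 and 5.2: the mail attribute feeds the Email claim and the UPN feeds
# the Name ID, so both are set to the address that exists in the Alfresco network.
Import-Module ActiveDirectory
New-ADUser -Name $UserName -SamAccountName $UserName `
    -UserPrincipalName $Email -EmailAddress $Email `
    -AccountPassword (Read-Host -Prompt "Password for $UserName" -AsSecureString) `
    -Enabled $true

# Steps 5.3 and 5.4 are interactive: open the page, pick the Alfresco RPT, sign in as user1.
"Open https://adfs.$Domain/adfs/ls/idpinitiatedsignon and sign in as $Email, then press Enter"
Read-Host | Out-Null

# Step 6: Error (level 2) and Warning (level 3) events from the AD FS/Admin log of
# the last 15 minutes. A failed token issuance names the relying party and the
# reason in the message text, which is what you need when Alfresco rejects the response.
Get-WinEvent -FilterHashtable @{
    LogName   = 'AD FS/Admin'
    Level     = 2, 3
    StartTime = (Get-Date).AddMinutes(-15)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

If nothing is listed, the sign-in never reached ADFS or succeeded without warnings; in that case the problem is on the Alfresco side (identifier, certificate or claim name mismatch), and the Event Viewer filter from Step 6 with Information enabled shows the issued token.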