This guide is for IT Administrators setting up ADFS for integration with Lucidity Software Products.
...
| Term | Description |
|---|---|
| IdP | Identity Provider, acts as the identifying party in federation requests |
| SP | Service Provider, acts as the consumer of relayed information in federation requests |
| Relying Party | Microsoft's terminology for SP |
| idp-instance-url | Web-accessible path to the ADFS IdP instance. Must be accessible via HTTPS |
ADFS Setup
Instructions for setting up ADFS can be found in the following video and instructions. You can skip some of this if ADFS is already set up.
http://www.youtube.com/embed/fwHIKlAPV0g
1. Install AD CS (IdP)
Active Directory Certificate Services (AD CS) is required to sign requests made by IIS when authenticating against ADFS.
Following the instructions in the video below, install AD CS and create a Certificate Authority for the machine. This CA will be used to issue certificates later in the process.
...
- Untrusted certificates / invalid common names in certificates
ADFS is very particular about which certificates it will trust. Ensure that the SP and IdP certificates match the simplesamlphp-url and idp-instance-url, respectively. If you are testing, add the certificate as described in the note at Part 12.
- Requests coming from an invalid URL
Requests must originate from, and be sent to, the exact address specified in the metadata. Ensure that both the simplesamlphp-url and the idp-instance-url are present in the metadata.
- Requests coming from a non-HTTPS URL
ADFS will reject any non-HTTPS request with a particularly unhelpful error message. Ensure that the federation request originates from HTTPS, and that the IdP address is also HTTPS.
- SSO pass-through not occurring (when logged in to the ADFS domain)
Authentication details won't be passed through in IE unless both the simplesamlphp-url and the idp-instance-url are trusted URLs.
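The first three problems above (certificate/URL mismatch, wrong address in metadata, non-HTTPS endpoints) can be caught before a single federation request is sent by inspecting the exchanged metadata. The following script is an added example, not part of this guide or of simplesamlphp or ADFS: it parses SAML 2.0 metadata with the Python standard library only and reports endpoints that are not HTTPS, endpoints whose host differs from the expected simplesamlphp-url or idp-instance-url, and descriptors with no signing certificate. The two metadata documents and the hostnames sp.example.test and adfs.example.test are constructed placeholders; replace them with the metadata exported from your own SP and IdP.

```python
"""Offline checks for ADFS / simplesamlphp metadata (added example, stdlib only)."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed SP metadata in the shape simplesamlphp publishes; the
# AssertionConsumerService deliberately uses plain http so a finding is raised.
SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.test/simplesaml/module.php/saml/sp/metadata.php/default-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...constructed-placeholder...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.test/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
        index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed IdP metadata in the shape ADFS publishes. ADFS identifies itself with
# an http:// entityID by default, so only the entityID's host is compared; the
# endpoints a browser actually contacts (Location attributes) must be HTTPS.
IDP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://adfs.example.test/adfs/services/trust">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...constructed-placeholder...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# Which descriptor and which endpoint elements matter for each side of the federation.
ROLE_ENDPOINTS = {
    "sp": ("md:SPSSODescriptor", ("md:AssertionConsumerService", "md:SingleLogoutService")),
    "idp": ("md:IDPSSODescriptor", ("md:SingleSignOnService", "md:SingleLogoutService")),
}


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _check_endpoint(label, url, expected_host):
    """Problems with one endpoint URL: it must be HTTPS and live on the expected host."""
    problems = []
    if urlparse(url).scheme != "https":
        problems.append(f"{label} is not HTTPS: {url}")
    if _host(url) != expected_host:
        problems.append(f"{label} host {_host(url)!r} does not match {expected_host!r}: {url}")
    return problems


def check_metadata(xml_text, expected_url, role):
    """Return a list of findings for one metadata document; an empty list means clean.

    role is "sp" (simplesamlphp side, checked against simplesamlphp-url)
    or "idp" (ADFS side, checked against idp-instance-url).
    """
    descriptor_tag, endpoint_tags = ROLE_ENDPOINTS[role]
    expected_host = _host(expected_url)
    root = ET.fromstring(xml_text)
    findings = []

    entity_id = root.get("entityID", "")
    if _host(entity_id) != expected_host:
        findings.append(f"entityID host {_host(entity_id)!r} does not match {expected_host!r}")

    descriptor = root.find(descriptor_tag, NS)
    if descriptor is None:
        findings.append(f"{descriptor_tag} element missing")
        return findings

    for tag in endpoint_tags:
        for endpoint in descriptor.findall(tag, NS):
            findings.extend(_check_endpoint(tag.split(":")[1], endpoint.get("Location", ""), expected_host))

    certs = descriptor.findall("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if not any((c.text or "").strip() for c in certs):
        findings.append("no X509Certificate in any KeyDescriptor; the peer cannot verify signatures")
    return findings


if __name__ == "__main__":
    for name, xml_text, url, role in (
        ("SP", SP_METADATA, "https://sp.example.test/simplesaml/", "sp"),
        ("IdP", IDP_METADATA, "https://adfs.example.test/adfs/ls/", "idp"),
    ):
        problems = check_metadata(xml_text, url, role)
        print(f"{name}: {'OK' if not problems else 'problems found'}")
        for p in problems:
            print("  -", p)
```

Run against the constructed samples, the IdP document passes and the SP document produces one finding for the plain-http AssertionConsumerService. The script does not validate the certificate itself (common name, chain, expiry); it only confirms the metadata carries one, so the first troubleshooting item still needs the certificate to be checked against the URL it is served on.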