Configuring Active Directory Federation Services

To configure Kion to use Active Directory Federation Services (AD FS, commonly written ADFS) as a SAML 2.0 identity provider:

  1. Navigate to Users > Identity Management Systems.
  2. Click Add New.
  3. For the IDMS Type, select SAML 2.0.
  4. Fill in the required fields. For more information, see Add a SAML 2 IDMS.
  5. Do not enable Should Sign AuthN Requests. Kion will send unsigned authentication requests, so the relying party trust in ADFS must not require signed SAML requests (it does not by default). The SAML response and assertion that ADFS returns are still signed by ADFS, and Kion validates that signature.
  6. For the First Name, enter the IDP attribute that will be mapped to the user's first name (first_name).
  7. For the Last Name, enter the IDP attribute that will be mapped to the user's last name (last_name).
  8. For the Email, enter the IDP attribute that will be mapped to the user's email (email).
  9. For the Username field, enter the IDP attribute that will be mapped to the user's username (username).
  10. Click Create IDMS.
  11. Download the Kion metadata and import it into ADFS as a new relying party trust. You can accept all of the defaults when going through the metadata import wizard.
  12. Open the relying party trust definition.
  13. On the Encryption tab, remove the certificate so that the response assertions are not encrypted. The assertion remains signed by ADFS and travels to Kion inside the browser's HTTPS session, so TLS on the Kion endpoint and signature validation are what protect it once encryption is turned off.


  14. Create claim rules that describe which claims ADFS will return to the relying party. One rule must issue a Name ID. The other outgoing claim types must match exactly the attribute names you entered when creating the IDMS record in Kion (first_name, last_name, email, username).
  15. Log into Kion via ADFS.
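The ADFS side of the procedure above (steps 11 through 14) can also be done from the ADFS PowerShell module, which makes the resulting trust easier to review and reproduce than clicking through the wizard. The script below is an added example and is not part of the Kion documentation or the Kion product. It assumes the Kion metadata was saved to C:\temp\kion-metadata.xml, names the trust "Kion", maps the four attributes from the standard AD attributes givenName, sn, mail and sAMAccountName, and uses the email claim as the SAML Name ID; all of those choices are assumptions you should adjust to your environment (Kion's Name ID requirement in step 14 does not say which attribute to use).

```powershell
# Added example, not from the Kion docs: create and harden the Kion relying
# party trust in ADFS from PowerShell instead of the GUI wizard.
# Assumptions (hypothetical): metadata at C:\temp\kion-metadata.xml,
# trust named "Kion", attributes sourced from givenName/sn/mail/sAMAccountName.
Import-Module ADFS

$rpName       = "Kion"
$metadataFile = "C:\temp\kion-metadata.xml"

# Claim rule language. The outgoing claim types in the first rule must match
# the attribute names entered in the Kion IDMS form exactly. The second rule
# turns the email claim into the Name ID that Kion requires.
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Kion user attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("first_name", "last_name", "email", "username"), query = ";givenName,sn,mail,sAMAccountName;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Email as Name ID"
c:[Type == "email"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Issuance authorization: permit every authenticated user. Restrict this to
# an AD group before going to production.
$authorizationRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Step 11: import the Kion SP metadata (same as accepting the wizard defaults).
Add-AdfsRelyingPartyTrust -Name $rpName -MetadataFile $metadataFile `
    -IssuanceTransformRules $issuanceRules `
    -IssuanceAuthorizationRules $authorizationRules

# Step 13: do not encrypt the assertion (the response is still signed by ADFS).
# Step 5: Kion sends unsigned AuthN requests, so do not require signed requests.
Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -EncryptClaims $false `
    -SignedSamlRequestsRequired $false

# Check the effective settings before testing a login from Kion.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, EncryptClaims, SignedSamlRequestsRequired, EncryptionCertificate
```

Run this in an elevated PowerShell session on an ADFS server. The final Get-AdfsRelyingPartyTrust output should show EncryptClaims and SignedSamlRequestsRequired both False; if EncryptionCertificate is still populated from the imported metadata that is harmless once EncryptClaims is off, but removing it on the Encryption tab as in step 13 keeps the GUI and the script in agreement.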