Configuring Active Directory Federation Services (ADFS) For Use Within Kion
To configure Kion to use ADFS:
- In the left navigation menu, click Users > Identity Management Systems.
- Click the + button at the top to add a new IDMS.
- Under IDMS Type, use the dropdown menu to select SAML 2.0.
- Fill out the required fields. Leave Should Sign AuthN Requests unchecked.
- In the Assertion Mapping section, enter names for first, last, email, and username. Optional fields can be left blank.
- Click Create IDMS.
- Download the Kion metadata and import it into ADFS. You can accept all of the defaults when going through the metadata import wizard.
- Open the relying party definition.
- On the Encryption tab, remove the certificate so that the response assertions are not encrypted.
- Create claim rules that describe what data ADFS will return to the relying party. There must be a Name ID attribute. The other attributes must match the names you entered when creating the IDMS record inside the application.
- Log in to the application via ADFS. Your first name, last name, email, and username data are pulled into Kion.
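
If the first login fails or fields arrive empty, the usual cause is a mismatch between the claim rules and the Assertion Mapping. The following check is an added example, not Kion or ADFS code: it inspects a decoded SAML response for the three conditions the steps above require (unencrypted assertion, a Name ID, attribute names equal to the mapping). The mapping names and the sample response are constructed assumptions; the sample shows ADFS sending a claim type URI as the attribute name, which does not match a mapping of `username`.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed Assertion Mapping names (hypothetical; use the names entered in Kion).
MAPPING = {"first": "firstName", "last": "lastName", "email": "email", "username": "username"}

# Constructed sample response (not captured from a real ADFS server).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, mapping=MAPPING):
    """Return a list of problems (empty = OK). Structural check only: no signature validation."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        problems.append("assertion is encrypted: remove the certificate on the Encryption tab")
    assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion element found"]
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing Name ID claim")
    # Collect the names of attributes that carry at least one non-empty value.
    present = set()
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = attr.findall("saml:AttributeValue", NS)
        if any((v.text or "").strip() for v in values):
            present.add(attr.get("Name"))
    for field, name in mapping.items():
        if name not in present:
            problems.append(f"{field}: no attribute named {name!r} in the response")
    return problems
```

Run `check_response` on the base64-decoded `SAMLResponse` form value captured from a test login. It reports configuration mismatches only and is not a substitute for the signature verification the service provider performs.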