Introduction
This document describes how to set up Acubiz EMS as a Relying Party Trust in Microsoft Active Directory Federation Services (AD FS), so that you can use federated SSO to access the Acubiz EMS system.
Content in this article:
- Send Federation Metadata to Acubiz
- Configuration of Acubiz EMS as Relying Party Trust
- Test the SSO connection
Send Federation Metadata to Acubiz
Start by providing your company's FederationMetadata.xml to Acubiz.
Fetch Federation Metadata:
Open a browser and fetch the file “FederationMetadata.xml” from your own AD FS platform.
Example path:
https://adfs.[domain].com/federationmetadata/2007-06/federationmetadata.xml
If the Metadata file cannot be fetched, check whether the Metadata endpoint is enabled. This is done in AD FS Management under \AD FS\Service\Endpoints\ in the “Metadata” section. Make sure the endpoint is Enabled. Alternatively, you can send a link (URL) where your Metadata file is publicly accessible.
Configuration of Acubiz EMS as Relying Party Trust
General configuration
- Open AD FS Management → Add Relying Party Trust
Click the [Start]-button in the window
- Select “Import data about the relying party published online or on local network” and insert the following URL in the address field:
https://auth.acubiz.com/federationmetadata/2007-06/federationmetadata.xml
Click the [Next]-button
- Enter “Acubiz” as Display name
Click the [Next]-button
- Check that “I do not want to configure…” is selected:
Click the [Next]-button
- Check that “Permit all users to access this relying party” is selected:
Click the [Next]-button
Should you wish to limit access to Acubiz EMS for specific users, then this can later be configured in the Claim Rule view under “Issuance Authorization Rules”.
Click the [Next]-button
Click the [Close]-button
Configuration of Claim Rules
This section describes the Claim Rules required to connect to Acubiz:
Click the [Add Rule…]-button
Set up AD Attributes
Select “Send LDAP Attributes as Claims”:
Click the [Next]-button.
Configure LDAP attributes
Configure the LDAP Attribute store to send Claim Types as follows:
LDAP Attribute | Required outgoing Claim Type (Name) |
Display-Name | http://schemas.xmlsoap.org/claims/CommonName |
E-Mail-Addresses | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
E-Mail-Addresses | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
The Claim type “name” is required and must contain the user's email address!
Click the [OK]-button
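The wizard steps above can also be scripted with the AD FS PowerShell cmdlets. The script below is an added example, not part of Acubiz's own documentation. It assumes an elevated session on the primary AD FS server, uses a hypothetical rule name, and assumes displayName and mail are the LDAP names behind the Display-Name and E-Mail-Addresses attributes.

```powershell
# Added example: scripted equivalent of the wizard steps in this article.
Import-Module ADFS

$name        = 'Acubiz'   # Display name used in the article
$metadataUrl = 'https://auth.acubiz.com/federationmetadata/2007-06/federationmetadata.xml'

# "Send LDAP Attributes as Claims":
#   displayName -> CommonName, mail -> emailaddress, mail -> name
# The rule name is a hypothetical label chosen for this example.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Acubiz LDAP attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/CommonName", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"), query = ";displayName,mail,mail;{0}", param = c.Value);
'@

# "Permit all users to access this relying party".
# On AD FS 2016 and later, access control policies
# (-AccessControlPolicyName) are the newer alternative to this rule.
$authorizationRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# The metadata endpoint must be enabled before FederationMetadata.xml
# can be fetched and sent to Acubiz.
$endpoint = Get-AdfsEndpoint -AddressPath '/FederationMetadata/2007-06/FederationMetadata.xml'
if (-not $endpoint.Enabled) {
    Write-Warning 'Federation metadata endpoint is disabled; enable it under \AD FS\Service\Endpoints\.'
}

# Create the trust only if it does not exist yet, so a rerun never
# silently replaces rules that were tightened later.
if (Get-AdfsRelyingPartyTrust -Name $name) {
    Write-Warning "Relying party trust '$name' already exists; nothing changed."
} else {
    Add-AdfsRelyingPartyTrust -Name $name -MetadataUrl $metadataUrl `
        -IssuanceTransformRules $transformRules `
        -IssuanceAuthorizationRules $authorizationRules
}

# Review what was imported and which claims will be issued to Acubiz.
Get-AdfsRelyingPartyTrust -Name $name |
    Format-List Name, Identifier, Enabled, IssuanceTransformRules, IssuanceAuthorizationRules
```

Check the final output before testing: the transform rules should list exactly the three claim types from the table, with both emailaddress and name sourced from mail.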
Test the SSO connection
Now test the SSO connection to Acubiz.