This article outlines the steps required to enable MachPanel to authenticate via Active Directory Federation Services (ADFS).

Logging in to MachPanel with an ADFS account requires an ADFS server. The ADFS server must be reachable from the control panel server, and the control panel must be able to access the ADFS server. Setting up the ADFS machine is out of scope of this document. To set up the ADFS server, please contact MachSol support.
Relying Party setup
Once the ADFS server is set up, we need to add our ‘ADFS login App’ as a relying party in ADFS. In the ADFS service console, navigate to ‘Relying Party Trust’, right click and select ‘Add new’. The dialog box below appears; select ‘claim aware’ and click start.
On the next screen select ‘Enter data about relying party manually’ and click next as shown below.
On the next screen provide a ‘Display name’ and ‘Notes’ for the relying party as below and click next.
On the next screen, ‘Configure certificate’, make no change and click next. Then fill in ‘Configure URL’ as shown below and click next: set the bridging/intermediate application URL and select ‘WS Federation Passive’.
On the ‘Configure identifiers’ step make no change, just click next. On the ‘Choose Access Control Policy’ screen select ‘Permit Everyone’ and click next as shown below.
Click ‘next’ through to the last step and finish the setup.
Once the relying party is added successfully, we need to configure the ‘Claim Issuance Policy’ for the relying party so that the required claim is returned by ADFS to the middle-ware.
Right click on the relying party name in the ADFS service console and select ‘Edit claim issuance policy’ as shown below.
In the claim issuance policy dialog click the ‘Add Rule’ button as shown below.
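The same relying party trust and claim issuance rule can be created from the ADFS PowerShell module on the ADFS server, which is useful for repeating the setup or checking what the wizard produced. The script below is an added example, not part of the original article or MachSol's own tooling. The application URL and identifier are placeholders, the article does not name the claim the middle-ware requires, so a UPN rule is assumed here, and ‘Permit everyone’ is assumed to be the built-in access control policy name on Windows Server 2016 or later.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell
# session on the ADFS server.
Import-Module ADFS

$displayName = 'ADFS login App'                      # display name used in the article
$appUrl      = 'https://adfs-login.example.com/'     # PLACEHOLDER: bridging/intermediate application URL
$identifier  = $appUrl                               # assumption: the app URL doubles as the relying party identifier

# Claim issuance rule in ADFS claim rule language.
# ASSUMPTION: the article does not name the required claim; UPN is used here.
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send UPN to ADFS login App"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);
'@

# Only create the trust if it does not already exist, so the script is safe to re-run.
if (-not (Get-AdfsRelyingPartyTrust -Name $displayName)) {
    $rpParams = @{
        Name                    = $displayName
        Identifier              = $identifier
        WSFedEndpoint           = $appUrl              # the 'WS-Federation Passive' endpoint from the wizard
        AccessControlPolicyName = 'Permit everyone'    # assumption: built-in policy name (Server 2016+)
        IssuanceTransformRules  = $issuanceRules       # equivalent of the 'Add Rule' step
        Notes                   = 'Relying party for MachPanel ADFS login'
    }
    Add-AdfsRelyingPartyTrust @rpParams
}

# Verification: confirm the trust exists with the expected endpoint and policy.
Get-AdfsRelyingPartyTrust -Name $displayName |
    Select-Object Name, Identifier, WSFedEndpoint, AccessControlPolicyName, Enabled
```

The identifier and WS-Federation endpoint must match exactly what the login application sends in its sign-in request (including scheme and trailing slash); a mismatch is the most common reason ADFS rejects the request with an unknown relying party error. The final Get-AdfsRelyingPartyTrust call is the quickest way to confirm the values the wizard actually saved.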