MachPanel Knowledgebase

HOW TO: Log in with Active Directory Federation Services (ADFS)

Khurram Hameed
MachPanel

Summary

This article describes the steps required to enable MachPanel to authenticate users through Active Directory Federation Services (ADFS).

ADFS setup

Logging in to MachPanel with an ADFS account requires an ADFS server that is reachable from the control panel server (the control panel must be able to contact the ADFS endpoints). Setting up the ADFS server itself is out of scope for this document; contact MachSol support if you need help with it.

Relying Party setup

Once the ADFS server is set up, add the ‘ADFS login App’ as a relying party in ADFS. In the AD FS Management console, navigate to ‘Relying Party Trusts’, right-click and select ‘Add new’. In the wizard that appears, select ‘Claims aware’ and click Start.

On the next screen, select ‘Enter data about the relying party manually’ and click Next.

On the next screen, provide a ‘Display name’ and ‘Notes’ for the relying party and click Next.

On the ‘Configure Certificate’ screen, leave the defaults and click Next. On the ‘Configure URL’ screen, select ‘WS-Federation Passive protocol’ and enter the URL of the bridging/intermediate application as the relying party WS-Federation Passive protocol URL. ADFS only accepts HTTPS URLs for this endpoint, so make sure the application is published over HTTPS with a certificate the users' browsers trust. Click Next.

On the ‘Configure Identifiers’ step, leave the defaults (the WS-Federation URL is added as the identifier automatically) and click Next. On the ‘Choose Access Control Policy’ screen, select ‘Permit everyone’ and click Next. Note that ‘Permit everyone’ lets any user who can authenticate to ADFS obtain a token for this relying party; MachPanel still decides whether that account is allowed in, so if only a subset of users should be able to sign in, choose a more restrictive policy such as ‘Permit specific group’ instead.

Click Next through the remaining steps and finish the wizard.

Configure Claim

Once the relying party has been added, configure its ‘Claim Issuance Policy’ so that ADFS returns the claim the middleware application requires.

Right-click the relying party in the AD FS Management console and select ‘Edit Claim Issuance Policy’.

In the Claim Issuance Policy dialog, click the ‘Add Rule’ button.
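The same relying party trust and claim rule can be created from PowerShell on the ADFS server, which is easier to review and repeat than the wizard. The following is an added example and is not MachPanel or MachSol code. The application URL, the trust name and the claim rule (it sends the user's UPN) are assumptions: substitute the URL of your own bridging/intermediate application and the claim MachPanel actually requires. The -AccessControlPolicyName parameter requires AD FS on Windows Server 2016 or later.

```powershell
# Added example (not MachPanel/MachSol code): create the relying party trust for the
# 'ADFS login App' with PowerShell instead of the wizard, then attach a claim rule.
# Run in an elevated PowerShell session on the ADFS server.
Import-Module ADFS

$AppUrl = 'https://panel.example.com/adfslogin/'   # assumed placeholder for the bridging app
$Name   = 'MachPanel ADFS login App'               # assumed display name

# ADFS rejects non-HTTPS WS-Federation passive endpoints; fail early with a clear message.
if ($AppUrl -notmatch '^https://') {
    throw "WS-Federation passive endpoint must use HTTPS: $AppUrl"
}

# Claim rule in AD FS claim rule language. Assumed claim: pass the user's UPN from AD.
# Replace the claim type/attribute with the one the middleware application expects.
$IssuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send UPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);
'@

# Equivalent of the wizard steps: claims aware, data entered manually, WS-Fed passive URL,
# identifier = the same URL, access control policy 'Permit everyone'.
# 'Permit everyone' means any user who can authenticate to ADFS gets a token for this trust;
# use 'Permit specific group' (and -AccessControlPolicyParameters) to restrict it.
if (-not (Get-AdfsRelyingPartyTrust -Name $Name)) {
    Add-AdfsRelyingPartyTrust -Name $Name `
        -Identifier $AppUrl `
        -WSFedEndpoint $AppUrl `
        -Notes 'Bridging application used for MachPanel ADFS login' `
        -AccessControlPolicyName 'Permit everyone' `
        -IssuanceTransformRules $IssuanceRules
}
else {
    # Trust already exists: only (re)apply the claim issuance policy.
    Set-AdfsRelyingPartyTrust -TargetName $Name -IssuanceTransformRules $IssuanceRules
}

# Verify what ADFS ended up with before testing the login from MachPanel.
Get-AdfsRelyingPartyTrust -Name $Name |
    Select-Object Name, Identifier, WSFedEndpoint, AccessControlPolicyName, IssuanceTransformRules
```

After running it, the final Get-AdfsRelyingPartyTrust output should show the HTTPS endpoint, the identifier and the rule text; if IssuanceTransformRules is empty, the rule syntax was rejected and the claim will not be sent to the middleware application.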