SSO Setup with Active Directory - ADFS

Overview

This article provides the steps to install and configure Active Directory Federation Services (ADFS) on Windows Server 2016 with Zephyr Enterprise.

Configure ADFS to integrate with Zephyr Enterprise

Create a relying party

To create a relying party:

  • On the Start menu, click Administrative Tools > AD FS Management. The ADFS Management console is launched.

  • Click Relying Party Trusts. The wizard to add a relying party is launched.

  • On the Add Relying Party Trusts Wizard, select Claims Aware and then click Start.

  • Under Select Data Source, select Enter data about the relying party manually.

  • In the Specify Display Name field, enter Zephyr.

  • In the Configure URL section, select Enable Support for SAML 2.0 WebSSO Protocol and enter the Relying party service URL as https://{ZephyrHostname}/flex/saml/sso

    Example: https://qademo22.yourzephyr.com/flex/saml/sso

  • On the Configure Identifiers page, enter the Relying Party Trust Identifier as https://{ZephyrHostname}/flex/saml/sso

    Example: https://qademo22.yourzephyr.com/flex/saml/sso

  • Under Choose Access Control Policy, select Permit everyone and click Next. This allows all users to access the relying party; these policies can later be modified as required.

  • On the Finish page, select Configure claims issuance policy for this application and click Close. The Claim Issuance policy page is launched.


Claim Issuance Policy

If the Claim Issuance Policy page does not open, open the AD FS Management snap-in, right-click the relying party trust, and select Edit Claim Issuance Policy.

Get the IdP Certificate

An IdP certificate is required before configuring Single Sign-On with DCP. To get the IdP certificate:

  1. On the Start menu, click Administrative Tools > AD FS Management.

  2. Expand the Service folder and click Certificates.

  3. Double-click on the Token-signing certificate.

  4. Click Details and click Copy to File.

  5. On the Certificate Export Wizard, select Base-64 encoded X.509 (.CER) and click Next.

Configure the Single Sign-On settings in Zephyr

  1. Go to Administration → Authentication and select SSO from the dropdown.

  2. In Identity Provider URL, enter the link address copied from the APP URL: https://win2k16-dc01.smartbear.local/adfs/ls/idpinitiatedsignon.aspx?loginToRp=https://qademo22.yourzephyr.com/flex/saml/sso

  3. In Identity Provider Issuer Id, enter the Entity ID: http://win2k16-dc01.smartbear.local/adfs/services/trust

  4. In Certificate, provide the certificate downloaded in the step above.

  5. Enable Auto-Provisioning:

    • In Attribute Mapping, enter the details from the Claim Issuance Policy.
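
Before pasting values into Zephyr, the relying party trust and the exported certificate can be checked from PowerShell on the AD FS server. This is an added example, not part of the original article or the product's own tooling. It assumes the trust uses the display name Zephyr from the steps above, and `$CerPath` is a placeholder for wherever the .CER file was saved.

```powershell
# Added example: run in an elevated PowerShell session on the AD FS server.
Import-Module ADFS

$ZephyrHost = 'qademo22.yourzephyr.com'         # example hostname from this article
$CerPath    = 'C:\Temp\adfs-token-signing.cer'  # assumed export location (placeholder)
$Expected   = "https://$ZephyrHost/flex/saml/sso"

# Relying party trust: identifier and SAML endpoint must equal the Zephyr URL.
$rp = Get-AdfsRelyingPartyTrust -Name 'Zephyr'
if (-not $rp) { throw "Relying party trust 'Zephyr' not found." }

if ($rp.Identifier -notcontains $Expected) {
    Write-Warning "Identifier is '$($rp.Identifier -join ', ')', expected '$Expected'."
}
$acs = $rp.SamlEndpoints |
    Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' } |
    ForEach-Object { $_.Location.ToString() }
if ($acs -notcontains $Expected) {
    Write-Warning "No SAML assertion consumer endpoint at '$Expected' (found: $($acs -join ', '))."
}
# "Permit everyone" lets every authenticated user reach Zephyr; show what is in force.
"Access control policy       : $($rp.AccessControlPolicyName)"

# Exported certificate: must be the primary token-signing certificate and still valid.
$exported = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CerPath)
$primary  = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
if ($exported.Thumbprint -ne $primary.Thumbprint) {
    Write-Warning "Exported certificate is not the primary token-signing certificate."
}
$daysLeft = [int]($exported.NotAfter - (Get-Date)).TotalDays
if ($daysLeft -lt 30) {
    Write-Warning "Token-signing certificate expires in $daysLeft days; Zephyr needs the new one after rollover."
}

# Values to enter on the Zephyr side.
"Identity Provider Issuer Id : $((Get-AdfsProperties).Identifier)"
"Certificate thumbprint      : $($exported.Thumbprint)"
"Certificate valid until     : $($exported.NotAfter.ToString('u'))"
```

A thumbprint mismatch usually means a secondary or already rolled-over certificate was exported, in which case Zephyr would reject assertions signed with the current key.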
