Introduction

This article will provide guidance on the configuration steps required for Active Directory Federation Services (ADFS) SAML Integration with Rock Solid’s OneView Console. It is important to understand that the SAML Integration process is a HTTPS only process and customers must ensure that they possess a valid Certificate from a Certificate Authority. Currently Rock Solid’s OneView Console supports Single Sign-On (SSO) integration for ADFS versions 2.0 and 3.0.

Please ensure the On-Boarding configuration is completed and the required information is emailed to Rock Solid Technical Support or your Project lead upon completion of the guide below.

This On-Boarding Configuration requires the Rock Solid Public Certificate to complete. Please ensure this certificate was shared before continuing with this guide. 

Contents

Basic Configuration Information

Configuring ADFS – Adding a Relying Party Trust

Step 1: Create a New Relying Party Trust

Step 2: Walking Through the “Add Relying Party Trust Wizard”

Step 3: Editing the Rock Solid Relying Party Trust Properties

Step 4: Configuring Claims Rules

Step 5: Send the Federation Metadata URL

Basic Configuration Information

NOTE: The above values are for production instances. If you are setting up a Stage (STG) or GovCloud (GOV) instance (or other), you will use the following values:

Configuring ADFS – Adding a Relying Party Trust

Step 1: Create a New Relying Party Trust

Step 2: Walking Through the “Add Relying Party Trust Wizard”

Click the “Start” button.

Select “Enter data about the relying party manually” and click “Next”.

Enter “OneView” in the “Display name:” text box and click “Next”.

NOTE: The display name does not have to match with any other configuration.

Select “AD FS Profile” and click “Next”.

Click “Next” at the “Configure Certificate” screen.

Click “Enable support for SAML v2.0”, enter “https://console.citysourced.com” or the appropriate SAML URL depending on the Environment. The URLs are included above. Click “Next”.

Enter “https://console.citysourced.com” or the appropriate SAML URL depending on the Environment. The URLs are included above. click “Add” and then click “Next”.

Select “I Do not want to Configure Multi-factor authentication settings for this relying party trust at this time.” and click “Next”.

Select “Permit all users access to this relying party” and click “Next”.

Review the configuration and click “Next”.

If the below screen is displayed, Make sure that “Open the Edit Claim Rules Dialog for this relying party trust when the wizard closes” is NOT selected and click “Close”.

All done for Step 2!  The new Rock Solid party trust should be included in the list of relying party trusts.

Step 3: Editing the Rock Solid Relying Party Trust Properties

Right click the party trust and select “Properties”.

Click the “Advanced” tab and select/verify that the “SHA-256” algorithm is being used.

Select the “Signature” tab, click “Add” and load the Rock Solid certificate, then click “OK”.

Step 4: Configuring Claims Rules

Open the Edit Claims Window right click the OneView Relying Party Trust and select “Edit Claims Rules…”.

Select “Send LDAP Attributes as Claims” and click “Next”.

Enter the following claims from the “Active Directory” Attribute store and click “OK”.

NOTE: The values entered are CaSe SeNsItIvE.

Click “OK” to approve and close the “Edit Claims Rules” wizard.

All done for Step 4!

Step 5: Send the Federation Metadata URL

On the Rock Solid’s AD FS server, we will create a claims provider trust for the partner organization’s federation server. We will need the customer to provide the following:

Data Source: the path to the partner company’s federation data URL (Example: https://adfs.contoso.com/federationmetadata/2007-06/federationmetadata.xml)

Send the URL to the Rock Solid Customer Success team at: support@rocksolid.com or to your project lead.