Introduction
This article provides guidance on the configuration steps required for Active Directory Federation Services (ADFS) SAML integration with Rock Solid’s OneView Console. It is important to understand that the SAML integration is an HTTPS-only process, so customers must possess a valid certificate from a Certificate Authority. Currently Rock Solid’s OneView Console supports Single Sign-On (SSO) integration for ADFS versions 2.0 and 3.0.
Please ensure the On-Boarding configuration is completed and that the required information is emailed to Rock Solid Technical Support or your project lead upon completion of the guide below.
This On-Boarding configuration requires the Rock Solid Public Certificate. Please ensure this certificate has been shared with you before continuing with this guide.
Contents
Basic Configuration Information
Configuring ADFS – Adding a Relying Party Trust
Step 1: Create a New Relying Party Trust
Step 2: Walking Through the “Add Relying Party Trust Wizard”
Step 3: Editing the Rock Solid Relying Party Trust Properties
Step 4: Configuring Claims Rules
Step 5: Send the Federation Metadata URL
Basic Configuration Information
| Setting | Value |
|---|---|
| SAML Assertion Endpoint | https://console.citysourced.com/saml/{id}/acs |
| SAML Assertion Endpoint Binding | POST |
| Relying Party Identifier URL | https://console.citysourced.com |
| Secure Hash Algorithm | SHA-256 |
| Rock Solid Public Certificate | This will be provided by your Rock Solid Project lead |
NOTE: The above values are for production instances. If you are setting up a Stage (STG) or GovCloud (GOV) instance (or other), use the following values instead:
| Environment | SAML Assertion Endpoint | Relying Party Identifier URL |
|---|---|---|
| USA (GovCloud) | https://console.citysourced.us/saml/{id}/acs | https://console.citysourced.us |
| Canada | https://console.citysourced.ca/saml/{id}/acs | https://console.citysourced.ca |
| Australia | https://console.citysourced.com.au/saml/{id}/acs | https://console.citysourced.com.au |
| Staging | https://console.citysourced.net/saml/{id}/acs | https://console.citysourced.net |
Configuring ADFS – Adding a Relying Party Trust
Step 1: Create a New Relying Party Trust
Step 2: Walking Through the “Add Relying Party Trust Wizard”
Click the “Start” button.
Select “Enter data about the relying party manually” and click “Next”.
Enter “OneView” in the “Display name:” text box and click “Next”.
NOTE: The display name does not have to match with any other configuration.
Select “AD FS Profile” and click “Next”.
Click “Next” at the “Configure Certificate” screen.
Check “Enable support for SAML v2.0” and enter “https://console.citysourced.com” (or the appropriate SAML URL for your environment; the URLs are listed above). Click “Next”.
Enter “https://console.citysourced.com” (or the appropriate URL for your environment, as listed above), click “Add”, and then click “Next”.
Select “I Do not want to Configure Multi-factor authentication settings for this relying party trust at this time.” and click “Next”.
Select “Permit all users access to this relying party” and click “Next”.
Review the configuration and click “Next”.
If the screen below is displayed, make sure that “Open the Edit Claim Rules Dialog for this relying party trust when the wizard closes” is NOT selected, then click “Close”.
All done for Step 2! The new Rock Solid party trust should be included in the list of relying party trusts.
Step 3: Editing the Rock Solid Relying Party Trust Properties
Right click the party trust and select “Properties”.
Click the “Advanced” tab and select/verify that the “SHA-256” algorithm is being used.
Select the “Signature” tab, click “Add” and load the Rock Solid certificate, then click “OK”.
Step 4: Configuring Claims Rules
To open the Edit Claims Rules window, right-click the OneView relying party trust and select “Edit Claims Rules…”.
Select “Send LDAP Attributes as Claims” and click “Next”.
Enter the following claims from the “Active Directory” attribute store and click “OK”.
| LDAP Attribute | Outgoing Claim Type |
|---|---|
| E-Mail-Addresses | |
| Given-Name | firstname |
| Surname | lastname |
| SAM-Account-Name | username |
| Department | department |
NOTE: The values entered are CaSe SeNsItIvE.
Click “OK” to approve and close the “Edit Claims Rules” wizard.
All done for Step 4!
Step 5: Send the Federation Metadata URL
On Rock Solid’s AD FS server, we will create a claims provider trust for the partner organization’s federation server. We will need the customer to provide the following:
Data Source: the URL of the partner company’s federation metadata (example: https://adfs.contoso.com/federationmetadata/2007-06/federationmetadata.xml)
Send the URL to the Rock Solid Customer Success team at: support@rocksolid.com or to your project lead.
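The following PowerShell script is an added example, not part of the Rock Solid guide or of Rock Solid’s tooling. It performs Steps 2 through 4 with the ADFS cmdlets on an ADFS 3.0 server and prints the federation metadata URL needed for Step 5, so the result can be compared against the wizard-driven configuration. It assumes the production environment, a certificate file path of `C:\certs\RockSolidPublic.cer`, and that the `{id}` segment of the SAML Assertion Endpoint is replaced with the value Rock Solid gives you (the guide shows it only as a placeholder). The guide leaves the outgoing claim type for E-Mail-Addresses blank; the script uses the standard ADFS “E-Mail Address” claim type there, which is an assumption.

```powershell
# Added example (not from the Rock Solid guide): scripted version of Steps 2-5
# for ADFS 3.0 (Windows Server 2012 R2) using the ADFS PowerShell module.
# On ADFS 2.0 load the snap-in instead: Add-PSSnapin Microsoft.Adfs.PowerShell
Import-Module ADFS

$DisplayName = 'OneView'
$CertPath    = 'C:\certs\RockSolidPublic.cer'                    # assumed location of the Rock Solid certificate
$Identifier  = 'https://console.citysourced.com'                 # Relying Party Identifier URL (production)
$AcsUrl      = 'https://console.citysourced.com/saml/{id}/acs'   # SAML Assertion Endpoint; replace {id} as directed by Rock Solid (assumption)

# Step 3, "Advanced" tab: SHA-256 as the secure hash algorithm
$Sha256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

# Step 4: the LDAP attribute -> outgoing claim type table, in ADFS claim rule language.
# mail, givenName, sn, sAMAccountName and department are the LDAP names behind the
# display names E-Mail-Addresses, Given-Name, Surname, SAM-Account-Name and Department.
# The e-mail outgoing type is not given in the guide; the ADFS "E-Mail Address" type is assumed.
$TransformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "OneView attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "firstname", "lastname", "username", "department"), query = ";mail,givenName,sn,sAMAccountName,department;{0}", param = c.Value);
'@

# Step 2: "Permit all users access to this relying party"
$AuthzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Step 3, "Signature" tab: the Rock Solid public certificate used to verify signed requests
$RockSolidCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# Assertion consumer endpoint with POST binding (from the Basic Configuration table)
$Acs = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $AcsUrl -Index 0

Add-AdfsRelyingPartyTrust -Name $DisplayName `
    -Identifier $Identifier `
    -SamlEndpoint $Acs `
    -RequestSigningCertificate $RockSolidCert `
    -SignatureAlgorithm $Sha256 `
    -IssuanceTransformRules $TransformRules `
    -IssuanceAuthorizationRules $AuthzRules

# Read the trust back and show the settings the guide asks you to verify by hand
$Trust = Get-AdfsRelyingPartyTrust -Name $DisplayName
$Trust | Select-Object Name, Identifier, SignatureAlgorithm
$Trust.SamlEndpoints | Select-Object Binding, Protocol, Location
$Trust.RequestSigningCertificate | Select-Object Subject, NotAfter, Thumbprint

# Step 5: the federation metadata URL to send to Rock Solid, built from this server's ADFS host name
$MetadataUrl = 'https://{0}/FederationMetadata/2007-06/FederationMetadata.xml' -f (Get-AdfsProperties).HostName
Write-Output "Send this URL to Rock Solid: $MetadataUrl"
```

Run the script in an elevated PowerShell session on the ADFS server. The three `Select-Object` lines print the identifier, the SHA-256 signature algorithm, the POST assertion consumer endpoint and the loaded certificate (including its expiry), which is the same information Step 3 has you confirm in the “Advanced” and “Signature” tabs; for the other environments substitute the identifier and endpoint from the regional table above.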