Configuring Single Sign-On (SSO) with ADFS can be done in one of two ways, depending on your ADFS version:
- For ADFS 4.0 and later (Windows Server 2016 and up), use OpenID Connect.
- For ADFS 2.0 and 3.0 (Windows Server 2012 R2 and below), use SAML.
Configure federation using OpenID Connect (ADFS 4.0 and later)
1. Open ADFS Management.
2. Select Application Groups and create a new application group by clicking Add Application Group...
3. In Name use "BlueDolphin".
4. In Template select Web Browser accessing a web application.
5. Click Next.
6. A Client Identifier (a GUID) is generated. Store this value temporarily, because you will need to send it to ValueBlue in step 24.
7. Add the Redirect URI for your tenant's region. These are the endpoints of the BlueDolphin login service (Azure AD B2C), and they are subject to change:
- For EU tenants: https://bluedolphin01.b2clogin.com/bluedolphin01.onmicrosoft.com/oauth2/authresp
- For US-located tenants: https://bluedolphinprdus.b2clogin.com/bluedolphinprdus.onmicrosoft.com/oauth2/authresp
8. Select Access Control Policy and configure as desired.
9. Click Next, Next, Next and then Close.
10. Open the created Application Group.
11. Select the BlueDolphin Web Application and choose Edit...
12. Open the tab Issuance Transform Rules.
13. Add Rule.
14. In Claim Rule Template select Send LDAP attributes as claims.
15. Click Next.
16. In Claim Rule Name use "BlueDolphin Claims".
17. In Attribute store select Active Directory.
18. Configure the following claims:
19. Click Finish.
20. Open the tab Client Permissions.
21. Select the following scopes:
22. Click OK and OK again.
23. Determine your metadata URL. For OpenID Connect this is the discovery document that ADFS serves under your federation service name, so it should look like:
https://adfs.yourdomain.toplevel/adfs/.well-known/openid-configuration
24. To finalize the configuration process, send the following information to the ValueBlue support team:
- Client Identifier
- Metadata URL
- Your BlueDolphin site URL
- Domain name
- Logo in .png format
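The same application group, created with the ADFS PowerShell cmdlets instead of the wizard, followed by a check of the discovery URL from step 23 and the values to send in step 24. This is an added example, not code from the original page or from ValueBlue. The federation service name, the choice of the EU redirect URI, and the claims and scopes (which this page does not list) are assumptions to adjust; the wizard's Web Application template is reproduced here as a native client plus a Web API that share the client identifier, which is how that template is expressed with the cmdlets.

```powershell
# Added example (not from the page or from ValueBlue). Run in an elevated
# PowerShell session on the primary ADFS server (Windows Server 2016 or later).
#
# Assumptions (placeholders, adjust to your environment):
#   - the federation service name is adfs.yourdomain.toplevel
#   - the tenant is an EU tenant (redirect URI taken from step 7)
#   - the claims (step 18) and scopes (step 21) the page does not list are the
#     LDAP attributes and OIDC scopes below; confirm them with ValueBlue support

$groupName         = "BlueDolphin"
$federationService = "adfs.yourdomain.toplevel"
$redirectUri       = "https://bluedolphin01.b2clogin.com/bluedolphin01.onmicrosoft.com/oauth2/authresp"
$clientId          = [guid]::NewGuid().ToString()   # the Client Identifier of step 6

# Assumed claim mapping for step 18: AD attributes mail, givenName and sn
# issued as email address, given name and surname claims.
$ldapClaimRule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "BlueDolphin Claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"), query = ";mail,givenName,sn;{0}", param = c.Value);
"@

# Assumed scopes for step 21.
$scopes = @("openid", "profile", "email")

# Steps 2-9: the "Web browser accessing a web application" template is a public
# client (holds the redirect URI) plus a Web API with the same identifier, so the
# id_token is issued for the client itself.
New-AdfsApplicationGroup -Name $groupName -ApplicationGroupIdentifier $groupName
Add-AdfsNativeClientApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - Web application" -Identifier $clientId -RedirectUri $redirectUri
Add-AdfsWebApiApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - Web API" -Identifier $clientId `
    -IssuanceTransformRules $ldapClaimRule -AccessControlPolicyName "Permit everyone"

# Steps 20-21: client permissions (scopes) for the client on its own Web API.
Grant-AdfsApplicationPermission -ClientRoleIdentifier $clientId `
    -ServerRoleIdentifier $clientId -ScopeNames $scopes

# Step 23: the metadata URL is the OIDC discovery document. Fetch it and check
# that it belongs to this farm and advertises what BlueDolphin will ask for.
$metadataUrl = "https://$federationService/adfs/.well-known/openid-configuration"
$discovery   = Invoke-RestMethod -Uri $metadataUrl
if ($discovery.issuer -ne "https://$federationService/adfs") {
    throw "Unexpected issuer '$($discovery.issuer)'; check the federation service name"
}
if (-not $discovery.jwks_uri) { throw "Discovery document has no jwks_uri" }
$missing = $scopes | Where-Object { $discovery.scopes_supported -notcontains $_ }
if ($missing) { throw "ADFS does not advertise scope(s): $($missing -join ', ')" }

# Step 24: the values to send to ValueBlue support (site URL, domain name and
# logo are not known to ADFS and are added by hand).
[pscustomobject]@{
    ClientIdentifier = $clientId
    MetadataUrl      = $metadataUrl
    RedirectUri      = (Get-AdfsNativeClientApplication -Name "$groupName - Web application").RedirectUri
}
```

The discovery check is worth keeping even when you use the wizard: if the issuer does not match the federation service name, or the discovery document is not reachable from the internet, the BlueDolphin side cannot complete the federation and the failure only shows up at first login.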
Configure federation using SAML (ADFS 2.0 & 3.0)
1. To initialize the configuration process, send the following information to the ValueBlue support team:
- Your ADFS federation metadata URL, which should be something like: "https://adfs.mydomain.com/federationmetadata/2007-06/federationmetadata.xml"
- The domain name that is used to log in to your Active Directory domain, for example, myowndomain.nl or myactivedirectorydomain.local.
- Your BlueDolphin site URL
- Logo in .png format
2. The ValueBlue support team will create a federation metadata endpoint for you based on this information and send you the URL of this endpoint (this value is referred to below as %bdfederationmetadataurl%). You will need this URL to set up the relying party trust.
3. In Server Manager, select Tools, and then select ADFS Management.
4. Right-click Relying Party Trusts and select Add Relying Party Trust.
5. On the Welcome page, choose Claims aware, and then click Start.
6. On the Select Data Source page, select Import data about the relying party published online or on a local network, provide the metadata URL, and then click Next.
- When asked for the relying party's federation metadata URL, enter the %bdfederationmetadataurl% value you received from BlueDolphin support.
7. On the Specify Display Name page, enter a Display name, under Notes, enter a description for this relying party trust, and then click Next.
8. On the Choose Access Control Policy page, select a policy, and then click Next.
9. On the Ready to Add Trust page, review the settings, and then click Next to save your relying party trust information.
10. On the Finish page, click Close. This action automatically displays the Edit Claim Rules dialog box.
11. Select Add Rule.
12. In Claim rule template, select Send LDAP attributes as claims.
13. Provide a Claim rule name. For the Attribute store, select Active Directory, add the following claims, then click Finish and OK.
14. Depending on the certificate and signature algorithm in use, you may need to set the hash algorithm. In the relying party trust's properties window, select the Advanced tab, change the Secure hash algorithm to SHA-256, and click OK.
15. In Server Manager, select Tools, and then select ADFS Management.
16. Select the relying party trust you created, select Update from Federation Metadata, and then click Update.
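The same relying party trust, created with the ADFS PowerShell cmdlets instead of the wizard. This is an added example, not code from the original page or from ValueBlue. It checks the endpoint received in step 2 before importing it (it must be served over HTTPS and describe a SAML service provider), creates the trust from metadata with monitoring and auto-update enabled, forces SHA-256 as in step 14, re-reads the metadata as in step 16, and verifies that your own metadata URL from step 1 is served. The federation service name and the LDAP claims of step 13 (not listed on this page) are assumptions; the %bdfederationmetadataurl% value is read at the prompt rather than hard-coded.

```powershell
# Added example (not from the page or from ValueBlue). Run in an elevated
# PowerShell session on the primary ADFS server.
#
# Assumptions (placeholders): the federation service name below, and the claim
# mapping of step 13, which this page does not list; confirm it with ValueBlue.

# ADFS 2.0 ships its cmdlets as a snap-in; ADFS 3.0 loads the module on demand.
if (-not (Get-Command Add-AdfsRelyingPartyTrust -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell
}

$trustName               = "BlueDolphin"
$federationService       = "adfs.mydomain.com"   # placeholder from step 1
$bdFederationMetadataUrl = Read-Host "Paste the %bdfederationmetadataurl% value from step 2"

# Check the endpoint before trusting it: HTTPS only, and it must describe a
# SAML 2.0 service provider (SPSSODescriptor) whose ACS endpoints are HTTPS.
if (-not $bdFederationMetadataUrl.StartsWith("https://")) { throw "Metadata URL must use HTTPS" }
$web = New-Object System.Net.WebClient
$md  = [xml]$web.DownloadString($bdFederationMetadataUrl)
$ns  = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
$ns.AddNamespace("md", "urn:oasis:names:tc:SAML:2.0:metadata")
$entity = $md.SelectSingleNode("/md:EntityDescriptor", $ns)
$sp     = $md.SelectSingleNode("/md:EntityDescriptor/md:SPSSODescriptor", $ns)
if (-not $sp) { throw "Endpoint does not describe a SAML service provider" }
$acs = @($sp.SelectNodes("md:AssertionConsumerService", $ns) | ForEach-Object { $_.GetAttribute("Location") })
if ($acs | Where-Object { -not $_.StartsWith("https://") }) { throw "Non-HTTPS AssertionConsumerService in metadata" }
Write-Host "Relying party entityID: $($entity.GetAttribute('entityID'))"
Write-Host "AssertionConsumerService: $($acs -join ', ')"

# Step 8 on ADFS 2.0/3.0 is an issuance authorization rule rather than an access
# control policy; this one permits everyone, as the wizard's default does.
$permitAll = @"
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

# Assumed claim mapping for step 13: mail, givenName and sn from Active Directory.
$ldapClaimRule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "BlueDolphin Claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"), query = ";mail,givenName,sn;{0}", param = c.Value);
"@

# Steps 4-13: import the trust from the metadata URL and keep it in sync.
Add-AdfsRelyingPartyTrust -Name $trustName -MetadataUrl $bdFederationMetadataUrl `
    -Notes "BlueDolphin SAML federation" `
    -MonitoringEnabled $true -AutoUpdateEnabled $true `
    -IssuanceAuthorizationRules $permitAll -IssuanceTransformRules $ldapClaimRule

# Step 14: sign assertions for this trust with SHA-256.
Set-AdfsRelyingPartyTrust -TargetName $trustName `
    -SignatureAlgorithm "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Step 16: re-read the partner metadata now and show the resulting trust.
Update-AdfsRelyingPartyTrust -TargetName $trustName
Get-AdfsRelyingPartyTrust -Name $trustName |
    Select-Object Name, Identifier, SignatureAlgorithm, MonitoringEnabled, AutoUpdateEnabled, LastUpdateTime

# Step 1 in reverse: the metadata URL you gave ValueBlue must be served by this
# farm and describe an identity provider, or their side cannot build the trust.
$ownMetadataUrl = "https://$federationService/FederationMetadata/2007-06/FederationMetadata.xml"
$own = [xml]$web.DownloadString($ownMetadataUrl)
$ownNs = New-Object System.Xml.XmlNamespaceManager($own.NameTable)
$ownNs.AddNamespace("md", "urn:oasis:names:tc:SAML:2.0:metadata")
if (-not $own.SelectSingleNode("/md:EntityDescriptor/md:IDPSSODescriptor", $ownNs)) {
    throw "$ownMetadataUrl does not describe an identity provider"
}
```

With MonitoringEnabled and AutoUpdateEnabled set, ADFS re-reads the BlueDolphin metadata on its own schedule, so a certificate rollover on the BlueDolphin side does not require repeating step 16 by hand; the explicit Update-AdfsRelyingPartyTrust call only makes the first refresh happen immediately.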