Single Sign-On using Microsoft Active Directory Federation Services as Identity Provider
Let your users log in from a Microsoft environment to SoftwareCentral using a Microsoft Active Directory Federation Services (AD FS).
Microsoft AD FS functions as the identity provider for single sign-on authentication.
To configure Microsoft AD FS as a SoftwareCentral identity provider you need a server running at least Microsoft Windows Server 2008 R2 with Microsoft Active Directory Federation Services 2.0.
This guide assumes that you have a running server with Microsoft AD FS configured.
If not, you can read here how to configure a Federation Server Farm.
Open AD FS Management.
Select the Relaying Party Trusts.
Click on Add Relying Party Trust.
The Add Relying Party Trusty Wizard opens.
Select "Claims aware" and click "Start".
Choose "Enter data about the relaying party manually" and click "Next".
Enter a Display name and click "Next".
Click "Next" and do not configure a certificate for token encryption.
Check "Enable support for the WS-Federation Passive protocol:" and enter the address to the SoftwareCentral cloud, followed by your company name as seen in the screenshot below:
Click "Next".
Click "Next".
Click "Next".
Click "Next".
Click "Close".
The "Edit Claim Issuance Policy" windows should now open. If not, right-click on your new Relying Party Trust and click on "Edit Claim Issuance Policy".
Click on "Add Rule".
The Add Transform Claim Rule Wizard opens.
Select "Send LDAP Attributes as Claims" and click "Next".
The Claim rule must send the User Principal Name as an outgoing claim of type Name ID.
Give your Claim rule a name.
Select "Active Directory" under "Attribute store".
Select "User-Principal-Name" under "LDAP Attribute" and "Name ID" under "Outgoing Claim Type".
Click "Finish".
Click "OK" to save the Claim Rule.
Log in to the CloudManager at https://softwarecentral.cloud/CM and go to "Single Sign-On Settings".
Check "Enable Single Sign-On".
Enter the Issuer address. That it the address of your ADFS server.
 |
Note that the Issuer URL must end with a slash ( / ) |
Enter the subject and thumbprint of your primary token signing certificate. You can get those details by running the following PowerShell command on the system with the installed certificate.
C:\> Get-AdfsCertificate
Click "Save" to save your changes.
SoftwareCentral is now configured to use Microsoft AD FS as an identity provider.
Users can log directly into the SoftwareCentral Cloud from a Microsoft environment by following the following URL where you replace "[CompanyName]" with your own company name:
https://softwarecentral.cloud/[CompanyName]/SignOn