Quick guide to setup ADFS access protocol in Exivity.
On ADFS side, go to Trust Relationships -> Relying Party Trusts, click on Add Relying Party Trust
Select Data Source: Enter data about the relying party manually
Specify Display Name: Exivity
Choose Profile: AD FS Profile
Configure Certificate: Leave blank
Configure URL: Leave blank
Configure Identifier: https://EXIVITY-URL/v1/auth/saml/metadata
Configure Multi-factor authentication now?: Choose I do not want to configure multi-factor authentication settings for this relying party trust at this time.
Choose Issuance Authorization Rules: Permit all users to access this relying party
Ready to Add trust: --
Click on Finish.
Right click the newly added trust: Properties
Go to Endpoints – Add SAML:
Endpoint type: SAML Assertion Consumer
Binding: POST
Trusted URL: https://EXIVITY-URL/v1/auth/saml/acs
Click on Save.
Right click the newly added trust: Edit Claim Rules
Go to Issuance Transform Rules – Add Rule
Choose Rule Type: Send Claims using a Custom Rule
Configure Claim Rule:
Claim Rule Name – Exivity
Custom Rule:
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
Finally, click on Save.
Make sure to perform the following steps with an Exivity user that has sufficient rights (an admin user).
First, go to Administration - Settings - Single sign-on and choose the SAML tab.
In a separate browser tab, open the Exivity SAML configuration and fill in the settings listed in the table at the end of this guide.
As the last step, enable Single Sign-On in Exivity by navigating to Administration > Settings and then clicking on the System tab. Make sure the Single Sign-On option is set to Enabled, and click the Update button.
SSO is now configured and enabled, and you can use ADFS to log in to your Exivity instance. The login screen will show a Login button; clicking it takes you to the ADFS login screen.
Exivity SAML settings (setting: value to use)
Entity ID: Sometimes called the Issuer or Metadata URL. Example: http://ADFS-URL/adfs/services/trust
SSO URL: The URL of the Single Sign On service endpoint. Sometimes called the SAML 2.0 Endpoint. Example: https://ADFS-URL/adfs/ls
SLO URL: The URL of the Single Logout service endpoint, suffixed with ?wa=wsignout1.0. Example: https://ADFS-URL/adfs/ls/?wa=wsignout1.0
X-509 certificate: Base-64 encoded (DER) certificate, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
Advanced settings:
{
  "security": {
    "wantXMLValidation": false
  }
}
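As an added example (not part of this guide and not Exivity's or Microsoft's own code), the following Python script derives the Entity ID, SSO URL, SLO URL and X-509 certificate values above from an ADFS federation metadata document, so they can be pasted into the Exivity SAML tab instead of being copied by hand. The embedded metadata is a constructed, heavily trimmed sample with made-up host names and a placeholder certificate body; the real document is normally downloaded from the ADFS server's FederationMetadata/2007-06/FederationMetadata.xml path.

```python
"""Derive the Exivity SAML settings from an ADFS federation metadata document."""
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed, trimmed sample: a real ADFS document is much larger, is signed, and carries a real certificate.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>MIIBPLACEHOLDERnotArealCertificateBody0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnop</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def to_pem(b64_body: str) -> str:
    """Wrap the base64 text at 64 columns between the BEGIN/END CERTIFICATE lines."""
    body = "".join(b64_body.split())  # drop any whitespace or newlines present in the metadata
    lines = textwrap.wrap(body, 64)
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"])


def exivity_settings(metadata_xml: str) -> dict:
    """Return the values to enter in the Exivity SAML tab, keyed by setting name."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")
    # Exivity's ACS endpoint uses the POST binding, so take the matching SSO endpoint.
    sso = idp.find(f"md:SingleSignOnService[@Binding='{POST_BINDING}']", NS)
    slo = idp.find(f"md:SingleLogoutService[@Binding='{REDIRECT_BINDING}']", NS)
    # use="signing" is the ADFS token-signing certificate that validates assertions.
    cert = idp.find("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if sso is None or cert is None:
        raise ValueError("metadata lacks an HTTP-POST SSO endpoint or a signing certificate")
    settings = {
        "Entity ID": root.get("entityID"),
        "SSO URL": sso.get("Location"),
        "X-509 certificate": to_pem(cert.text),
    }
    if slo is not None:  # the guide requires the ADFS sign-out parameter on the SLO URL
        settings["SLO URL"] = slo.get("Location") + "?wa=wsignout1.0"
    return settings
```

Run it against the downloaded metadata instead of SAMPLE_METADATA; if ADFS rolls its token-signing certificate, re-run it and update the X-509 certificate setting in Exivity.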