ADFS

Quick guide to setup ADFS access protocol in Exivity.

Setting up ADFS Configuration

On ADFS side, go to Trust Relationships -> Relying Party Trusts, click on Add Relying Party Trust

Select Data Source: Enter data about the relying party manually
Specify Display Name: Exivity
Choose Profile: AD FS Profile
Configure Certificate: Leave blank
Configure URL: Leave blank
Configure Identifier: https://EXIVITY-URL /v1/auth/saml/metadata
Configure Multi-factor authentication now?: Choose I do not want to configure multi-factor authentication settings for this relying party trust at this time.
Choose Issuance Authorization Rules: Permit all users to access this relying party
Ready to Add trust: --
Click on Finish.

Right click the newly added trust: Properties

Go to Endpoints – Add SAML:
- Endpoint type: SAML Assertion Consumer
- Binding: POST
- Trusted URL: https://EXIVITY-URL/v1/auth/saml/acs
Click on Save.

Right click the newly added trust: Edit Claim Rules

Go to Issuance Transform Rules – Add Rule
Choose Rule Type: Send Claims using a Custom Rule
Configure Claim Rule:
- Claim Rule Name – Exivity
- Custom Rule:
- c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
  => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
Finally, click on Save.

Setting up ADFS in Exivity

Make sure to perform the following steps with an Exivity user with enough rights (admin user)

First, go to Administration - Settings - Single sign-on and choose the SAML tab:

In a separate browser tab, open the Exivity SAML configuration and fill the following settings:

Exivity SAML setting

Use value

Entity ID

Sometimes called the Issuer or Metadata URL. Example: http://ADFS-URL/adfs/services/trust

SSO URL

The URL of the Single Sign On service endpoint. Sometimes called the SAML 2.0 Endpoint. Example: https://ADFS-URL/adfs/ls

SLO URL

The URL of the Single Logout service endpoint, suffix with ?wa=wsignout1.0 Example: https://ADFS-URL/adfs/ls/?wa=wasignout1.0

X-509 certificate

Base-64 encoded (DER) certificate, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----

Advanced settings

{ "security": { "wantXMLValidation": false } }

As the last step, enable Single Sign-On in Exivity by navigating to Administration > Settings and then clicking on the System tab. Make sure the Single Sign-On option is set to Enabled, and click the Update button:

SSO is now configured and enabled, and you can now use ADFS to login to your Exivity instance. The login screen will look something like this:

And by clicking on the Login button, you'll be taken to the ADFS login screen.

PreviousOneLogin NextLDAP

Last updated 2 years ago