Configuring ADFS as an IdP - EcoSys - Administration & Configuration - Hexagon

EcoSys System Administration

Search by Category
Administration & Configuration
EcoSys Version

If your IP is Microsost ADFS, use the following steps to configure the trust relationship.

  1. Launch ADFS Managment on your IdP.

    The ADFS window displays.

  2. In the left panel, expand Trust Relationships, and then select Relying Party Trusts.

  3. In the Actions panel, select Add Relying Party Trust.

    The software opens the Add Relying Trust wizard and displays the Welcome screen.

  4. Click Start to begin the process.

  5. Select Import data about the relying party from a file on the Select Data Source screen.

  6. Click Browse, navigate to the ESFM_Home/SAML/metadata/SP folder on the application server, and select the file SPMetadata.xml.

    You may have to map this location to the ADFS server or copy the file to a network share or to the IdP.

  7. Click Next.

    The wizard displays the Specify Display Name screen.

  8. Type EcoSys EPC (PROD) in the Display Name box, and click Next.

  9. On the Configure Multi-factor Authentication Now? screen, select I do not want to configure multi-factor authentication settings for this relying party at this time, and then click Next.

  10. Select Permit all users to access this relying party on the Choose Issuance Authorization Rules screen, and then click Next.

  11. Select the Endpoints tab on the Ready to Add Trust screen, and verify that four endpoints are listed.

  12. Click Next.

  13. On the Finish screen, clear Open the Edit Claim Rules dialog for this relying party trust when the wizard closes.

    The software creates the relying party.

  14. Right-click the EcoSys EPC (PROD) relying party entry, and select Properties.

    The EcoSys EPC (PROD) Properties dialog box displays.

  15. On the Advanced tab, select SHA-256 in the Secure hash algorithm list, and then click OK.

    SHA-1 is not supported.

  16. Right-click the EcoSys EPC (PROD) relying party entry again, and then select Edit Claim Rules.

    The Edit Claim Rules for EcoSys EPC (PROD) displays.

The remaining steps are for illustration only and may not be the way that you choose to set up your claim rules. This example shows a two rule scenario. The first rule extracts the UPN from the Active Directory. The second rule transforms that UPN into the X.509 Subject Name in the format of username@domain.suffix.

Add Rule

This completes ADFS server configuration. When anyone accesses the server, the user is redirected to the ADFS server for authentication. If authentication is successful, ADFS sends user details in the format username@domain.suffix back to EcoSys.