documentation:latest:applications:adfs [2017/03/13 18:04] (current)
====== Active Directory Federation Services ======

{{ :applications:microsoft-adfs.png?nolink |}}

===== Presentation =====

Microsoft ADFS (Active Directory Federation Services) is an Identity/Service Provider, compatible with several protocols, including SAML 2.0.

<note important>This documentation does not explain how to set up ADFS; it only gives tips to make it work with LL::NG.</note>

===== ADFS as Identity Provider =====

When ADFS is declared as an Identity Provider in LemonLDAP::NG, you need to take care of the following items:
  * HTTPS is mandatory on LL::NG portal
  * You need to use a certificate in LL::NG SAML metadata instead of a raw public key
  * Activate option ''Use specific query_string method'' in SAML Service
  * Use SHA1 instead of SHA256 as signature algorithm on ADFS if using a Lasso version < 2.5.0
  * Force SAML response to be sent by POST and not Artifact (signature verification fails with Artifact)
  * Enable ''Allow proxy authentication'' in IDP options on LL::NG side
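Three of the items above (HTTPS portal, certificate rather than raw key, POST rather than Artifact) are visible in the SP metadata LL::NG publishes to ADFS. The following is an added example, not part of the LemonLDAP::NG documentation or code: a small Python check that reads such metadata and reports which of those rules it violates. The entity IDs, endpoints and certificate body are constructed sample values.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def check_sp_metadata(xml_text):
    """Return findings for LL::NG SP metadata; an empty list means it passes."""
    findings = []
    sp = ET.fromstring(xml_text).find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor element"]
    # ADFS wants an X.509 certificate in each KeyDescriptor, not a raw ds:KeyValue.
    for kd in sp.findall("md:KeyDescriptor", NS):
        if kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is None:
            findings.append("KeyDescriptor use=%s has no X509Certificate" % kd.get("use", "any"))
    # HTTPS is mandatory on the portal, so every published endpoint must be https.
    for loc in (el.get("Location", "") for el in sp.iter()):
        if loc and not loc.lower().startswith("https://"):
            findings.append("non-HTTPS endpoint: " + loc)
    # ADFS posts the response to the default ACS (isDefault, else the first listed);
    # it must be HTTP-POST, since the Artifact binding breaks signature verification.
    acs = sp.findall("md:AssertionConsumerService", NS)
    default = [a for a in acs if a.get("isDefault") == "true"] or acs[:1]
    if not default:
        findings.append("no AssertionConsumerService")
    elif default[0].get("Binding") != POST:
        findings.append("default ACS binding is not HTTP-POST: %s" % default[0].get("Binding"))
    return findings

# Constructed sample of an SP that breaks all three rules (raw key, http, Artifact).
BAD = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://auth.example.com/saml/metadata">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue>
   <ds:Modulus>AQAB</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo></md:KeyDescriptor>
  <md:AssertionConsumerService index="0" isDefault="true" Location="http://auth.example.com/saml/acs/artifact"
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
 </md:SPSSODescriptor></md:EntityDescriptor>"""

# The same SP after the checklist is applied (certificate body is a constructed placeholder).
GOOD = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://auth.example.com/saml/metadata">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>MIICCONSTRUCTEDPLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:AssertionConsumerService index="0" isDefault="true" Location="https://auth.example.com/saml/acs/post"
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
 </md:SPSSODescriptor></md:EntityDescriptor>"""
```

Running `check_sp_metadata(BAD)` lists the three problems; on `GOOD` it returns an empty list. The remaining items of the checklist (query_string method, SHA1 with old Lasso, proxy authentication) live in LL::NG and ADFS settings, not in the metadata, so the check cannot see them.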