Differences
This shows you the differences between two versions of the page.
|
documentation:latest:applications:adfs [2017/03/13 18:04] |
documentation:latest:applications:adfs [2017/03/13 18:04] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Active Directory Federation Services ====== | ||
| + | |||
| + | {{ :applications:microsoft-adfs.png?nolink |}} | ||
| + | |||
| + | ===== Presentation ===== | ||
| + | |||
| + | Microsoft ADFS (Active Directory Federation Services) is an Identity/Service Provider, compatible with several protocols, including SAML 2.0. | ||
| + | |||
| + | <note important>This documentation does not explains how to setup ADFS, but give only tricks to make it works with LL::NG</note> | ||
| + | |||
| + | ===== ADFS as Identity Provider ===== | ||
| + | |||
| + | When ADFS is declared as an Identity Provider in LemonLDAP::NG, you need to take care of the following items: | ||
| + | * HTTPS is mandatory on LL::NG portal | ||
| + | * You need to use a certificate in LL::NG SAML metadata instead of a raw public key | ||
| + | * Activate option ''Use specific query_string method'' in SAML Service | ||
| + | * Use SHA1 instead of SHA256 as signature algorithm on ADFS if using a Lasso version < 2.5.0 | ||
| + | * Force SAML response to be sent by POST and not Artifact (signature verification fails with Artifact) | ||
| + | * Enable ''Allow proxy authentication'' in IDP options on LL::NG side | ||