Perfion does not provide support on how to set up Active Directory on Windows Server or in Azure.
Windows AD
If you already have an AD FS server, skip the first steps and go to the section Add Application registration below.
Install AD FS
Go to the server where you want to install AD FS. AD FS 4.0 is the minimum required version.
Best practice is not to install AD FS on your domain controller.
Then open the Add Roles and Features Wizard, press Next, select Role-based or feature-based installation, and press Next.
Now select the server you want to install AD FS on – probably you will only see the server you are on.
Then select Active Directory Federation Services
Then finish the installation
Configure AD FS
After installing AD FS you need to configure it. Press the flag with the warning icon and select Configure the federation service on this server.
Select the user to connect to Domain Services.
Select the SSL certificate for AD FS, the service name and the display name (shown when users authenticate against AD).
Specify a domain user account or group Managed Service Account.
Specify database for AD FS configuration.
Then finish the configuration
Add Application registration
Go to AD FS Management to add Application registration.
Change Primary Authentication Methods to Forms Authentication
Go to Application Groups and Add Application Group.
Name your AD FS Application – probably name it something with Perfion to know where the application is used.
Select Native application accessing a web API.
The Client Identifier is created automatically, but you can choose your own (it is used in Perfion Settings).
Add http://localhost:80 to Redirect URI. If you use the Web Client, you also need to add the Web Client's URI to Redirect URI.
Under the configuration of the Web API, add the Client Identifier from the previous step to Identifier.
Then finish the creation of the application.
If the client returns “Sequence contains no matching element” then you may need to change Permitted scopes to allatclaims.
Add Issuance Transform Rule to send the needed claims to Perfion.
Use Send LDAP Attributes as Claims template.
Use the Active Directory attribute store and create the following mappings (LDAP attribute to outgoing claim type):
| Display-Name | Name |
| E-Mail-Addresses | UPN |
| Token-Groups – Unqualified Names | Role |
Now you are ready to use AD FS in Perfion.
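The Add Application registration steps above can also be scripted with the AD FS PowerShell cmdlets. This is an added example, not part of the original Perfion article; the group name, the generated Client Identifier and the 'Permit everyone' access control policy are assumptions, and the Primary Authentication Methods change is not covered.

```powershell
# Added example: scripted equivalent of the "Add Application registration" steps.
# Run in an elevated PowerShell session on the AD FS server (AD FS 4.0 or later).
Import-Module ADFS

$groupName    = 'Perfion'                     # assumed application group name
$clientId     = [guid]::NewGuid().ToString()  # Client Identifier for Perfion Settings
$redirectUris = @('http://localhost:80')      # add the Web Client URI here if it is used

# "Send LDAP Attributes as Claims" rule against the Active Directory store:
#   Display-Name                     -> Name
#   E-Mail-Addresses                 -> UPN
#   Token-Groups - Unqualified Names -> Role
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Perfion claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
    types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
             "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
             "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"),
    query = ";displayName,mail,tokenGroups;{0}", param = c.Value);
'@

# Application group of the type "Native application accessing a web API"
New-AdfsApplicationGroup -Name $groupName -ApplicationGroupIdentifier $groupName

Add-AdfsNativeClientApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - Native application" `
    -Identifier $clientId -RedirectUri $redirectUris

# The Web API identifier is the native client's Client Identifier.
# Assumption: 'Permit everyone' is the access control policy; the article does
# not name one, so substitute the policy your organisation requires.
Add-AdfsWebApiApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - Web API" -Identifier $clientId `
    -AccessControlPolicyName 'Permit everyone' `
    -IssuanceTransformRules $rules

# Permitted scopes: allatclaims is the scope the article names as the fix for
# "Sequence contains no matching element".
Grant-AdfsApplicationPermission -ClientRoleIdentifier $clientId `
    -ServerRoleIdentifier $clientId -ScopeNames 'openid', 'allatclaims'

# Review what was registered before entering the identifier in Perfion.
Get-AdfsWebApiApplication -Identifier $clientId |
    Select-Object Name, Identifier, IssuanceTransformRules
"Client Identifier for Perfion Settings: $clientId"
```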