
ADFS 2012R2 Support in OIM 8.x

Hello all,

I was looking through the technical documentation on 8.0 and see some references to ADFS.

 

https://support.oneidentity.com/technical-documents/identity-manager/8.0/application-roles-administration-guide/8#TOPIC-860384

 

Two questions:

  1. Which versions of ADFS are supported?
  2. Is there a "how to" guide on the same?

While I am very comfortable with federated authentication in general, and have configured many SSO integrations with both ADFS and even CAM, it is not clear to me how I would configure an integration with ADFS by looking at the configuration parameters in the document.

In ADFS there is the concept of an application configuration that is distinct and separate from a relying party configuration, so some intel from the experts here would be awesome.

We are running 2012 R2 (3.0) and would prefer to configure ITShop to leverage ADFS as we have most of our SSO integrations running through it. Having to manage an additional STS would not be desirable in this case.

Thanks!

  • Hi,

    I've looked into my 7.1.2 environment and found the following working configuration for the OAuth authenticator against ADFS 3.0 (2012 R2). The settings should still apply to 8.0.

    I've highlighted the relevant settings.

    My ADFS 3.0 is configured as in the following screenshots. It is important that you use the ClientID as shown by the PowerShell cmdlet Get-ADFSClient and that the claims are correct.

    ADFS configuration:

    Next, you have to configure the configuration parameters and the Web Portal Settings accordingly.

    Configuration Parameters (only the relevant ones are highlighted):

    Web Portal Settings from Web Designer:

     

    HtH

     

  • The certificate thumbprint is from the ADFS Token Signing Certificate. Is that right?

  • Thanks for the quick reply. I followed the same process and am now getting the error below while logging into the portal.

    --------------------

    One or more errors occurred.
    Failed to authenticate user.
    Either the certificate thumb print, certificate subject, one of the certificate endpoints, or certificate text have to be configured in QER\Person\OAuthAuthenticator\.
    Click the button below to log in as a different user.
    ---------------------

    I already have the certificate thumbprint configured in the Designer (QER\Person\OAuthAuthenticator\).

  • Please check that there are no invisible characters before the first character you copied into the configuration parameter and ensure that the parameter is enabled. If you copy the thumbprint string from the Windows certificate dialog it contains an invisible first character!
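An added example (not from this thread or from One Identity) that makes the hidden-character problem visible: it lists every non-hex code point in a pasted thumbprint, strips them, and compares the result with the primary ADFS token-signing certificate via Get-AdfsCertificate. The sample clipboard value is constructed, and the parameter name under QER\Person\OAuthAuthenticator\ is assumed rather than taken from the thread.

```powershell
# Added example: inspect a thumbprint before pasting it into the
# QER\Person\OAuthAuthenticator\ thumbprint parameter (name assumed).
function Test-Thumbprint {
    param([Parameter(Mandatory)][string]$Value)

    # Report every character that is not a hex digit. The Windows certificate
    # dialog prepends U+200E (LEFT-TO-RIGHT MARK), invisible in most editors.
    $hidden = foreach ($ch in $Value.ToCharArray()) {
        if ($ch -notmatch '[0-9A-Fa-f]') { 'U+{0:X4}' -f [int]$ch }
    }
    # Drop spaces, marks and anything else that is not part of the hash.
    $clean = ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    [pscustomobject]@{
        Original    = $Value
        HiddenChars = @($hidden)
        Clean       = $clean
        IsValidSha1 = ($clean.Length -eq 40)   # SHA-1 thumbprint = 40 hex digits
    }
}

# Constructed sample: what the clipboard typically holds after copying the
# thumbprint from certmgr.msc (leading U+200E plus spaced hex pairs).
$pasted = [string][char]0x200E + 'a1 b2 c3 d4 e5 f6 07 18 29 3a 4b 5c 6d 7e 8f 90 12 34 56 78'
$result = Test-Thumbprint -Value $pasted
$result | Format-List    # HiddenChars shows U+200E and the spaces; Clean is 40 hex digits

# On the ADFS server: compare the cleaned value with the primary token-signing
# certificate so the value configured in OIM is the one ADFS actually uses.
$signing = Get-AdfsCertificate -CertificateType Token-Signing |
           Where-Object { $_.IsPrimary }
if ($result.Clean -ne $signing.Thumbprint.ToUpperInvariant()) {
    Write-Warning "Configured thumbprint does not match the primary ADFS token-signing certificate."
}
```

Run Test-Thumbprint against the exact string you pasted into the Designer; if HiddenChars is non-empty, paste the Clean value instead.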