Configure SAML authentication settings in Network Configuration Manager for Microsoft AD FS

Listed below are the steps to configure SAML authentication in Network Configuration Manager for Microsoft AD FS (IdP) with Single Sign-On.

  1. Open AD FS management and click on Add Relying Party Trust.
  2. Now, go to Network Configuration Manager and navigate to Settings -> Authentication -> SAML. Download the Service Provider metadata and SP Certificate files from the links provided and copy the SP Entity ID and ACS URL.
  3. Go back to AD FS, click Start and choose ‘Import data about the relying party from a file’. Upload the metadata file. Click on Next.

Note: Please refer to the 7th point under configuring Microsoft AD FS manually for the next steps.

You can also configure Microsoft ADFS manually. To do so,

  1. Log in to ADFS management and select Add Relying Party Trust.
  2. Click Start and choose ‘Enter data about the relying party manually’. Click on Next.
  3. Go to Choose Profile and select AD FS profile. Click Next.
  4. Choose the ‘Enable support for SAML 2.0 WebSSO protocol’ option and enter the service provider URL. Click on Next.
  5. Navigate to Network Configuration Manager and copy the Entity ID. Go to Configure Identifiers in Microsoft AD FS and paste the Entity ID in relying party trust identifier.
  6. Choose the ‘I do not want to configure multi-factor authentication settings for this relying party trust at this time’ option. Click Next.
  7. Select the ‘Permit all users to access this relying party’ option. Click Next.
  8. Click on Next.
  9. Check the option ‘Open the Edit Claim Rules dialog for this relying party trust when the wizard closes’ and select Close.
  10. Click on Add Rule. In the drop-down list under Claim rule template, choose Transform an Incoming Claim and click Next.
  11. Enter an appropriate Claim rule name. Choose Windows account name as Incoming claim type. Select Name ID as Outgoing claim type. Choose Transient Identifier as Outgoing name ID format. Select Pass through all claim values. Click on Finish.
  12. Click on Apply and then select OK.
  13. The next step is to download the Federation Metadata XML file from ADFS. You can download the XML by appending FederationMetadata/2007-06/FederationMetadata.xml to the root URL of the ADFS server. For example, if the FQDN of the ADFS server is dc.com, then the complete URL would be https://dc.com/federationmetadata/2007-06/FederationMetadata.xml
  14. In the Network Configuration Manager web console, navigate to Settings -> Authentication -> SAML. Here, select the IdP as ADFS and choose the Name ID as Username. Beside Configuration by uploading, choose Metadata and upload the Metadata XML file.

Once the above configurations are done on the IdP side, the required IdP details need to be configured in Network Configuration Manager. Click here for steps to configure IdP details in Network Configuration Manager.

Once the configurations are done on both sides, SAML authentication via AD FS will be enabled in Network Configuration Manager. In Network Configuration Manager's login portal, choose Login with AD FS and enter the necessary credentials to log in.