SAML Authentication - How To's

How to configure SAML authentication settings in Desktop Central for AD FS?

Description

This document will walk you through the steps required to configure SAML Authentication settings in Desktop Central for AD FS.

Installation Steps

  1.  Open AD FS management. Click on Add Relying Party Trust.
  2. Click on Start.
  3. Choose Enter data about the relying party manually. Click on Next.
  4. Enter an appropriate Display name.
  5. Choose AD FS profile. Click on Next.
  6. Click on Next.
  7. In Desktop Central, navigate to Admin tab and select SAML Authentication. Choose Certificate against Configuration by downloading. Copy the Assertion Consumer URL.
  8. Choose Enable support for the SAML 2.0 WebSSO protocol. Paste the Assertion Consumer URL here. Click on Next.
  9. Again in Desktop Central, navigate to Admin tab and select SAML Authentication. Choose Certificate against Configuration by downloading. Copy Entity ID.
  10. In AD FS management, paste the Entity ID in the Relying party trust identifier. Click on Add.
  11. Click on Next.
  12. Choose I do not want to configure multi-factor authentication settings for this relying party trust at this time. Click on Next.
  13. Choose Permit all users to access this relying party. Click on Next.
  14. Click on Next.
  15. Check the option - Open the Edit Claim Rules dialog for this relying party trust when the wizard closes. Click on Close.
  16. Click on Add Rule.
  17. In the drop-down list under Claim rule template, choose Transform an Incoming Claim. Click on Next.
  18. Enter appropriate Claim rule name. Choose Windows account name as Incoming claim type. Select Name ID as Outgoing claim type. Choose Transient Identifier as Outgoing name ID format. Select Pass through all claim values. Click on Finish.
  19. Click on Apply and then, click OK.
  20. The next step is to download the Federation Metadata XML file from ADFS. The XML can be downloaded by appending: FederationMetadata/2007-06/FederationMetadata.xml to the root URL of the ADFS server. For example: If the FQDN of the ADFS server is dc.com, then the complete URL would be  https://dc.com/federationmetadata/2007-06/FederationMetadata.xml
  21. In the Desktop Central web console, navigate to the SAML Authentication Settings. Here, select the IdP as ADFS and choose the Name ID as Username. Beside Configuration by uploading, choose Metadata and upload the Metadata XML file.
  22. Open Desktop Central web console. Click on Login with ADFS. Choose Sign in to one of the following sites. Select the name that you have entered in Display name. Click on Sign in.
  23. Enter the credentials.