Posted on 25-Apr-2015

ZOHOCORP

Installing and configuring AD FS 2.0 to work with ManageEngine SDP On-Demand: Step by Step Guide

ManageEngine On-Demand

5/12/2011

This document contains the steps for installing and configuring AD FS 2.0 to work with ManageEngine ServiceDesk Plus On-Demand.

Step by Step Guide to installing and configuring AD FS 2.0 with ManageEngine SDP On-Demand

Note: the screenshots in this guide use the following values:

Verified primary domain name: pmp.com

AD FS 2.0 installed on system: pmp-w2k8

Double-click the downloaded ADFSSetup.exe and click Next.

Accept the License Agreement and click Next

Select 'Federation Server' and click Next

Click Next

Clear the 'Start the AD FS 2.0 ...' checkbox, so that the service is not started before the configuration file edit that follows, and then click 'Finish'.

Go to the C:\Program Files\Active Directory Federation Services 2.0 directory and open the file "Microsoft.IdentityServer.ServiceHost.exe.config" in WordPad.

Insert the line <generatePublisherEvidence enabled="false" /> inside the <runtime> element of the file (the original shows the placement in a screenshot). This setting stops the CLR from trying to verify Authenticode publisher evidence for the service's assemblies at start-up; on a server without Internet access that check can stall the AD FS service while certificate revocation lookups time out. It has no effect on token signing or validation. Save the file and exit WordPad.

Double-click FsConfigWizard.exe in the same directory.

Select “Create a new Federation Service” and click “Next”

Select “Stand-alone Federation server” and click Next

The Federation Service name is filled in by default from the SSL certificate bound to the web site in IIS. Click 'Next'.

If the “Delete database” option is shown, select it and click 'Next'.

Click Next

The wizard then completes the configuration.

Go to Start Menu → Administrative Tools → AD FS 2.0 Management

Right-click on 'AD FS 2.0' and click 'Edit Federation Service Properties'

Edit the Federation Service name and identifier so that they contain no domain component. For example, we removed the “pmp.com” domain component and set both the Federation Service name and the identifier to just “pmp-w2k8”.

Right click on 'Trust Relationships' and click on 'Add Relying Party Trust'

Click 'Start'.

Select “Enter data about the relying party manually”.

Type the Display name as “zoho.com”. Click Next

Select AD FS 2.0 profile and click Next

Click Next

1. Select “Enable support for the SAML 2.0 WebSSO protocol”.
2. Enter the Relying party SAML 2.0 SSO service URL as: https://accounts.zoho.com/samlresponse/<your_verified_primary_domain>
3. Click Next.

1. Enter the Relying party trust identifier as “zoho.com”.
2. Click Add.

Click Next

Select “Permit all users to access this Relying party” and click Next. This issuance authorization rule lets every account that can authenticate to AD FS sign in to SDP On-Demand; if only some AD users should reach the service desk, replace it later with a rule that permits a specific group.

Click Next

“Un-Select” the “Open the Edit Claim Rules...” checkbox and click Close

Right-click on zoho.com and click Properties

Click the “Advanced” tab and change the Secure hash algorithm to “SHA-1”. This is what the SAML endpoint expected when this guide was written; SHA-1 signatures are now considered weak, so keep the SHA-256 default unless the relying party still rejects SHA-256-signed responses.

Right-click on zoho.com and click “Edit Claim Rules”.

In the “Issuance Transform Rules” tab click “Add Rule”

Select “Send Claims Using a Custom Rule” and click Next

Enter the Claim rule name as “windowsaccountname”. Copy and paste the following rule and click Finish:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => add(store = "Active Directory",
        types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
        query = "sAMAccountName={0};mail;{1}",
        param = regexreplace(c.Value, "(?<domain>[^\\]+)\\(?<user>.+)", "${user}"),
        param = c.Value);

The rule takes the DOMAIN\user value of the windowsaccountname claim, strips the domain part with regexreplace, looks the user up in Active Directory by sAMAccountName and adds the user's mail attribute to the claim pipeline as an emailaddress claim. The second param, the unchanged DOMAIN\user value, tells the attribute store which domain to query. Because the rule uses add rather than issue, the e-mail claim does not go into the token by itself; the next rule turns it into the NameID.

Again click “Add Rule”

Select “Send Claims Using a Custom Rule” and click Next

Enter the Claim rule name as “email”. Copy and paste the rule below and click Finish:

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Value = c.Value,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
              = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");

This issues the e-mail address as the SAML NameID with the emailAddress format, which is the identifier the relying party receives for the signed-in user.

Go to Certificates node. Right-click on the “Token-signing” certificate and click “Show Certificate”

Click the “Details” tab and click “Copy to File”

Click “Next”

Select “No, do not export the private key” and click Next

Select “Base-64 encoded X.509 (.CER)” and click Next

Give a file name for the exported certificate and click Next. This certificate is needed later, during the SAML configuration.

Click Finish
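The relying party steps above, from 'Add Relying Party Trust' through exporting the token-signing certificate, can also be done from the AD FS 2.0 PowerShell snap-in. The script below is an added example written for this page; it is not part of the original guide or of ManageEngine's documentation. It assumes pmp.com as the verified primary domain (the value used in the guide's screenshots), C:\temp as the export location, and a federation server on which the zoho.com trust does not exist yet.

```powershell
# Added example (not from the original guide): creates the zoho.com relying
# party trust, its claim rules and the token-signing certificate export with
# the AD FS 2.0 PowerShell snap-in instead of the management console.
# Assumptions: verified primary domain pmp.com (the guide's screenshot value),
# export folder C:\temp, run as an administrator on the federation server.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop

$rpName        = 'zoho.com'                 # display name from the guide
$rpIdentifier  = 'zoho.com'                 # relying party trust identifier
$primaryDomain = 'pmp.com'                  # assumed verified primary domain
$acsUrl        = "https://accounts.zoho.com/samlresponse/$primaryDomain"
$exportPath    = 'C:\temp\adfs-token-signing.cer'

# The guide sets SHA-1 because the relying party required it in 2011.
# Use the SHA-256 URI if the relying party accepts it.
$sha1   = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
$sha256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
$signatureAlgorithm = $sha1

# SAML 2.0 WebSSO assertion consumer endpoint (HTTP-POST binding).
$acsEndpoint = New-ADFSSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $acsUrl -Index 0

# "Permit all users to access this relying party": any account that can
# authenticate to AD FS may sign in. Replace with a group check to restrict it.
$authorizationRules = @'
@RuleName = "Permit all users"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# The two issuance transform rules from the guide:
#  1. strip DOMAIN\ from windowsaccountname, look the user up in AD by
#     sAMAccountName and add the mail attribute as an emailaddress claim;
#  2. issue that e-mail address as the SAML NameID in emailAddress format.
$transformRules = @'
@RuleName = "windowsaccountname"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => add(store = "Active Directory",
        types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
        query = "sAMAccountName={0};mail;{1}",
        param = regexreplace(c.Value, "(?<domain>[^\\]+)\\(?<user>.+)", "${user}"),
        param = c.Value);

@RuleName = "email"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Value = c.Value,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
              = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

if (-not (Get-ADFSRelyingPartyTrust -Name $rpName -ErrorAction SilentlyContinue)) {
    Add-ADFSRelyingPartyTrust -Name $rpName `
        -Identifier $rpIdentifier `
        -SamlEndpoint $acsEndpoint `
        -SignatureAlgorithm $signatureAlgorithm `
        -IssuanceAuthorizationRules $authorizationRules `
        -IssuanceTransformRules $transformRules
}

# Export the primary token-signing certificate, public part only, as a
# Base-64 encoded X.509 (.CER) file for the SDP On-Demand SAML configuration.
$tokenSigning = Get-ADFSCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
$cert = $tokenSigning.Certificate
$pem  = "-----BEGIN CERTIFICATE-----`r`n" +
        [Convert]::ToBase64String($cert.Export('Cert'), 'InsertLineBreaks') +
        "`r`n-----END CERTIFICATE-----`r`n"
Set-Content -Path $exportPath -Value $pem -Encoding Ascii
Write-Host "Exported token-signing certificate $($cert.Thumbprint) to $exportPath"
```

The claim rules are passed as here-strings so that the `${user}` placeholder and the backslashes reach AD FS untouched; after running, compare `Get-ADFSRelyingPartyTrust -Name zoho.com` with the properties dialog in the console to confirm the endpoint, identifier and hash algorithm match what the guide expects.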

Edit web.config present in C:\inetpub\adfs\ls directory

Make sure Forms authentication is the first <add> entry in <localAuthenticationTypes>, then save the file. AD FS 2.0 uses the first entry for browser sign-in when the request does not ask for a particular method, so this gives users the username and password form instead of an Integrated Windows authentication prompt.
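The two configuration file edits the guide makes by hand, disabling generatePublisherEvidence in Microsoft.IdentityServer.ServiceHost.exe.config and moving Forms to the top of <localAuthenticationTypes> in C:\inetpub\adfs\ls\web.config, as one added PowerShell example. It is not part of the original guide; the file paths are the AD FS 2.0 defaults named above and the function names are this example's own.

```powershell
# Added example (not from the original guide): performs the two configuration
# file edits the guide makes by hand. Paths are the AD FS 2.0 defaults. Run
# as an administrator before the AD FS service is first started, or restart
# the adfssrv service afterwards so the changes take effect.
$serviceHostConfig = 'C:\Program Files\Active Directory Federation Services 2.0\Microsoft.IdentityServer.ServiceHost.exe.config'
$lsWebConfig       = 'C:\inetpub\adfs\ls\web.config'

function Disable-PublisherEvidence {
    # Adds <generatePublisherEvidence enabled="false"/> under <configuration><runtime>,
    # creating the <runtime> element if the file does not have one yet.
    param([Parameter(Mandatory=$true)][string]$Path)
    [xml]$cfg = Get-Content -Path $Path
    $runtime = $cfg.configuration.SelectSingleNode('runtime')
    if ($null -eq $runtime) {
        $runtime = $cfg.configuration.AppendChild($cfg.CreateElement('runtime'))
    }
    $gpe = $runtime.SelectSingleNode('generatePublisherEvidence')
    if ($null -eq $gpe) {
        $gpe = $runtime.AppendChild($cfg.CreateElement('generatePublisherEvidence'))
    }
    $gpe.SetAttribute('enabled', 'false')
    $cfg.Save($Path)
}

function Set-FirstLocalAuthenticationType {
    # Moves the named <add> entry to the top of <localAuthenticationTypes>;
    # AD FS 2.0 uses the first entry when a request does not ask for a
    # particular local authentication method. Returns the resulting order.
    param([Parameter(Mandatory=$true)][string]$Path, [string]$Name = 'Forms')
    [xml]$cfg = Get-Content -Path $Path
    # local-name() keeps the lookup working whether or not the section carries a namespace.
    $types = $cfg.SelectSingleNode("//*[local-name()='localAuthenticationTypes']")
    if ($null -eq $types) { throw "localAuthenticationTypes not found in $Path" }
    $entry = $types.SelectSingleNode("*[local-name()='add' and @name='$Name']")
    if ($null -eq $entry) { throw "No <add name=`"$Name`"> entry in $Path" }
    [void]$types.RemoveChild($entry)
    [void]$types.PrependChild($entry)
    $cfg.Save($Path)
    $types.ChildNodes | Where-Object { $_.NodeType -eq 'Element' } |
        ForEach-Object { $_.GetAttribute('name') }
}

Disable-PublisherEvidence -Path $serviceHostConfig
$order = Set-FirstLocalAuthenticationType -Path $lsWebConfig -Name 'Forms'
Write-Host ("localAuthenticationTypes order is now: " + ($order -join ', '))
```

Set-FirstLocalAuthenticationType returns the new order of the <add> entries, so the first name printed should be Forms; if it is not, the web.config was not the one AD FS serves from /adfs/ls.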

Logout.aspx

1. Open Notepad.
2. Copy and paste the following code.
3. File → Save As → C:\inetpub\adfs\ls\Logout.aspx

The page signs the user out of forms authentication, expires every cookie under /adfs/ls and then redirects to the serviceurl query parameter. Because that parameter comes from the request, the redirect is only followed when it is an absolute https URL on the expected host; anything else falls back to the AD FS sign-in page, so the page cannot be used as an open redirect. The allowed host name is an assumption; change it to the host your SDP On-Demand sign-out actually redirects to.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<%
    Response.CacheControl = "no-cache";
    Response.AddHeader("Pragma", "no-cache");
    Response.Expires = -1;

    // End the AD FS forms-authentication session.
    FormsAuthentication.SignOut();

    // Expire every cookie scoped to the sign-in application.
    int count = Request.Cookies.Count;
    for (int i = 0; i < count; i++)
    {
        System.Web.HttpCookie obj = Request.Cookies[i];
        obj.Expires = DateTime.Now.AddDays(-1);
        obj.Value = "";
        obj.Path = "/adfs/ls";
        Response.Cookies.Add(obj);
    }

    // Only follow serviceurl when it is an absolute https URL on the expected
    // host (assumed here to be accounts.zoho.com); otherwise return to the
    // AD FS sign-in page instead of redirecting to a caller-chosen URL.
    string serviceURL = Request["serviceurl"];
    Uri target;
    bool allowed = !string.IsNullOrEmpty(serviceURL)
        && Uri.TryCreate(serviceURL, UriKind.Absolute, out target)
        && target.Scheme == Uri.UriSchemeHttps
        && target.Host.Equals("accounts.zoho.com", StringComparison.OrdinalIgnoreCase);
    Response.Redirect(allowed ? serviceURL : "/adfs/ls/");
%>
