
Inventu Viewer+ Configuration Management

The following general activities set up ADFS for SAML 2.0 authentication with Inventu Viewer. There are a number of configuration steps, which then relate to the configuration settings in the Config/Admin.html page.

As ADFS can differ depending on the version, and as AD administrators may prefer their own approaches, please treat the following as a guide, not step-by-step instructions.

1. First, your AD administrator needs to create and provide a certificate.

2. Next, create a "Relying Party Trust".
To learn how to add a relying party trust, read "Create a relying party trust" at https://docs.microsoft.com.

a. Follow the first steps for defining the relying party trust manually. In our sample screenshots, the trust is named "Inventu_FVTerm2".

b. The URLs for the Relying party WS-Federation Passive protocol URL and the Relying party SAML 2.0 SSO Service URL will be like the samples provided, only with your AD server URL as the base.

c. The certificate from step 1 will be set in one of the steps.

d. Relying party identifiers should be the URL for your Inventu Viewer Server, like "https://viewer.mycompany.com/fvterm", as well as the trust name (example: "Inventu_FVTerm2").

e. At the end, keep the box checked for "Open the Edit Claim Rules dialog".

3. You will be adding two rules. NOTE that your administrator may choose to tweak these or provide their own rules:
 

[Screenshot: editclaimrulesall]

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => add(store = "Active Directory", types = ("NAMEID"), query = ";sAMAccountName;{0}", param = c.Value);

 

[Screenshot: editclaimrulesall2]

 

c:[Type == "NAMEID"] => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");

4. Close the Claim Rules editor, find your new Relying Party Trust, and double-click it to open its properties.

5. Click on the Endpoints tab and add an endpoint that looks like this:
[Screenshot: adfsEndpoint]
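
A quick way to confirm that the two claim rules from step 3 behave as intended is to inspect the NameID in a SAMLResponse captured from a test sign-in. The check below is an added example, not part of the Inventu documentation or product. It assumes ADFS places one of the relying party identifiers from step 2d in the Audience element; the function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Format value that the second claim rule on this page attaches to the NameID.
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
# Relying party identifiers from step 2d (the page's sample values).
RP_IDS = ["https://viewer.mycompany.com/fvterm", "Inventu_FVTerm2"]

def check_response(saml_response_b64, rp_identifiers=RP_IDS):
    """Return a list of mismatches in a captured SAMLResponse form value.

    Configuration check only: the signature is NOT verified, so never use this
    to authenticate anyone. Use defusedxml instead of ElementTree for input
    you did not capture yourself.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        return ["assertion is encrypted; decrypt it before checking"]
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        return ["no NameID issued; check that both rules exist, in order"]
    problems = []
    value = name_id.text.strip()
    if name_id.get("Format") != UNSPECIFIED:
        problems.append("NameID Format is %r, expected %r"
                        % (name_id.get("Format"), UNSPECIFIED))
    # Rule 1 queries sAMAccountName; a DOMAIN\user or UPN value suggests another attribute.
    if "\\" in value or "@" in value:
        problems.append("NameID %r is not a bare sAMAccountName" % value)
    audiences = [a.text.strip() for a in
                 root.findall(".//saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if not set(audiences) & set(rp_identifiers):
        problems.append("Audience %r matches no relying party identifier" % audiences)
    return problems

def build_sample(name, fmt=UNSPECIFIED, audience=RP_IDS[0]):
    """Constructed, unsigned sample response for trying the check offline."""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s"><saml:Assertion>'
           '<saml:Subject><saml:NameID Format="%s">%s</saml:NameID></saml:Subject>'
           '<saml:Conditions><saml:AudienceRestriction><saml:Audience>%s'
           '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
           '</saml:Assertion></samlp:Response>'
           % (NS["samlp"], NS["saml"], fmt, name, audience))
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for user in ("jsmith", "CORP\\jsmith"):
        print(user, "->", check_response(build_sample(user)) or "OK")
```

To use it on a real sign-in, pass the base64 value of the SAMLResponse form field taken from the browser's network trace.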