Versions Compared

Old Version 7

changes.mady.by.user Anastasiya Selivanava

Saved on

compared with

New Version Current

changes.mady.by.user Anastasiya Selivanava

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page describes how to set up SAML SSO connection with ServiceChannel in ADFS 3.0.

Configuring Connection via the Relying Party Trust Wizard

Panel
bgColor#F9F9F9
titleColor#0e3367
titleBGColor#EAEAEA
borderStylenone
title⦿ How to configure connection via Relying Party Trust Wizard
  1. Start the Relying Party Trust Wizard.
  2. Select Enter data about the relying party manually, and then click Next.
  3. Enter the trust display name, and then click Next.
  4. Select AD FS Profile, and then click Next.
  5. (Optional) Configure the token encryption certificate, and then click Next.
  6. Select both Enable support for the WS-Federation Passive protocol URL and Enable support for the SAML 2.0 WebSSO protocol. Enter the ServiceChannel SAML SSO URL, and then click Next.
  7. Under Relying party trust identifier, the default identifier is present. If necessary, enter other identifiers, and then click Next.
  8. Click Next to skip the multi-factor authentication setup.
  9. Select the appropriate authorization rule. This can be changed later.
  10. Review the configured settings before adding the relying party trust to the configuration database, and then click Next.
  11. Select Open the Edit Claim Rules dialog for this relying party trust when the wizard closes and click Close.
  12. In the Edit Claim Rules window, click Add Rule.
  13. In the Claim rule template drop-down list, keep the default Send LDAP Attributes as Claims option, and then click Next.
  14. Enter the claim rule name. In the Attribute store drop-down list, select Active Directory.

  15. In the LDAP Attribute drop-down list, select E-Mail-Addresses. In the Outgoing Claim Type list, select Name ID.

    Info

    Each claim rule will differ depending on attributes sent. In this example, the claim rule obtains the user's email address from the Active Directory and sends it as Name ID field of the SAML Assertion.


  16. Click Finish.

The configuration is complete. Begin testing.

Trust Properties Screenshots

Gallery
includeLabeltrust-properties-ss
sortname

Testing the Configuration

Panel
bgColor#F9F9F9
titleColor#0e3367
titleBGColor#EAEAEA
borderStylenone
title⦿ How to test configuration
  1. Open Internet Explorer and browse to https://<yourdomain>/adfs/ls/idpinitiatedsignon.aspx. The  The page with a drop-down list of all configured relying party trusts opens.
  2. Select the required relying party trusts and click Continue to Sign In.

If the configuration is correct, you should be logged in.

Troubleshooting

Should you see the ServiceChannel login form, your connection is set up properly, but there is an issue with the configuration on the SC side or wrong data are sent in the SAML assertion. Contact SC to debug.

You can create a direct link so that users do not need to select from a drop-down list.

To do that, browse to to https:// <yourdomain>/adfs/ls/idpinitiatedsignon.aspx?logintoRP=https://login.servicechannel.com.

Live Search
spaceKeySCU
additionalpage excerpt
placeholderSearch our Knowledge Base
typepage
labelsfm

Panel
titleColor#ffffff
titleBGColor#5fa7d0
borderStylegroove
titleIn this Article

Table of Contents
maxLevel3
minLevel2
indent20px

Panel
titleColorwhite
titleBGColor#75a346
titleRelated Articles

Filter by label (Content by label)
showLabelsfalse
max8
showSpacefalse
sorttitle
cqllabel = "saml-sso" and space = currentSpace ( )