Makeen transform offers a wide range of authentication connectors to accommodate enterprises' authentication and identity management systems. One of the systems the platform supports is Active Directory Federation Services (ADFS).
The ADFS SAML Authentication Connector supports authentication against an existing enterprise Active Directory. This matters for enterprises that want Single Sign-On across their applications.
In this article, you will learn how to add an ADFS SAML Authentication Connector to your app.
Step 1 - Add an ADFS SAML Connector to your Application
After logging into transform Studio and selecting your application, follow the steps below to create this connector:
- In the left menu, under Integrate, click on Connections.
- If you already have a connector configured, the page will display a list of configured connectors.
- From the top-right corner, click on Add New Connection.
- The Connections page will appear, displaying a list of out-of-the-box connectors that are ready to be configured in your mobile app.
- Click on ADFS SAML Connector from the list.
Step 2 - Configure the Connector
Upon clicking on the ADFS SAML Connector, the New ADFS SAML Connector screen will appear.
Enter the following required details to configure the connector:
- Connector Name - Add a meaningful name for your connection.
- ADFS Endpoint URL - Provide the Federation Service endpoint Uniform Resource Locator (URL) used to contact all federation servers in a server farm.
- Relying Party Trust Identifier - Provide the identifier used to identify the relying party to this Federation Service. This identifier is used when issuing claims to the relying party.
You can click on Advanced Parameters to view and edit the following optional properties:
- ADFS Endpoint Type - Select the ADFS endpoint type. By default, it is WS-Trust 1.3. However, you can select SAML Web SSO from the drop-down menu.
- Default Domain Prefix - If specified, the username field is prefixed with this value when a domain is not already present (e.g. EXAMPLE\userName for a userName@example.com domain).
- Signing Certificate From - This is the Base 64 encoded certificate for validating signed SAML responses.
- Token Encryption Private Key - Enter the Base 64 encoded private key required for decrypting the SAML assertions, if applicable.
- Enable Signature Verification - Selected by default. The signature on the SAML assertion is verified before any claims are read, which rejects tampered or forged assertions (man-in-the-middle attacks). Leave it enabled; with verification off, the connector cannot distinguish a genuine assertion from a forged one.
- Extra Claims to Include - Enter the list of claims to include in addition to the default claims required by the connector. Separate values with commas.
- Include All Claims - True by default. As a result, all claims (other than the required claims) are included and the `Extra Claims To Include` parameter is ignored.
- User Principal Name Claim Identifier - Provide this value if you aren't using the default (i.e. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn).
- Name Claim Identifier - Provide this value if you aren't using the default (i.e. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name).
- Email Address Claim Identifier - Provide this value if you aren't using the default (i.e. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress).
- Given Name Claim Identifier - Provide this value if you aren't using the default (i.e. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname).
- Middle Name Claim Identifier - Provide this value if you aren't using the default (i.e. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/middlename).
- Surname Claim Identifier - Provide this value if you aren't using the default (i.e. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname).
- Group Claim Identifier - Provide this value if you aren't using the default (i.e. http://schemas.xmlsoap.org/claims/Group).
- Role Claim Identifier - Provide this value if you aren't using the default (i.e. http://schemas.microsoft.com/ws/2008/06/identity/claims/role).
- Linked Authentication Connector - Select an authentication connector from the drop-down menu to link with this connector.
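To make the claim-related parameters concrete, here is an added example (not Makeen transform's own code) showing how a connector could read an AttributeStatement, map the default claim identifiers listed above, apply the Default Domain Prefix rule, and honour Include All Claims versus Extra Claims to Include. The sample assertion is constructed, and its signature is assumed to have been verified already by the Enable Signature Verification step.

```python
import xml.etree.ElementTree as ET
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Default claim identifiers as listed under the connector's Advanced Parameters.
DEFAULT_CLAIMS = {
    "upn": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "group": "http://schemas.xmlsoap.org/claims/Group",
    "role": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
}
# Constructed sample assertion (attribute statement only). Its signature is
# assumed to have been verified already; this code never skips that step.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn">
   <saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
   <saml:AttributeValue>Admins</saml:AttributeValue>
   <saml:AttributeValue>Users</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://example.com/claims/department">
   <saml:AttributeValue>Finance</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def read_attributes(assertion_xml):
    """Return {claim identifier: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for a in root.findall(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        attrs[a.get("Name")] = [v.text or "" for v in a.findall("saml:AttributeValue", SAML_NS)]
    return attrs

def apply_domain_prefix(username, prefix):
    """Default Domain Prefix: add DOMAIN\\ unless the name already carries a domain."""
    if not prefix or "\\" in username:
        return username
    return f"{prefix}\\{username}"

def map_claims(attrs, claim_ids=DEFAULT_CLAIMS, include_all=True, extra=()):
    """Build the user profile the connector hands to the app from parsed claims."""
    upn = attrs.get(claim_ids["upn"])
    if not upn:  # no UPN means no reliable identity: reject rather than guess
        raise ValueError("assertion lacks the UPN claim")
    profile = {key: attrs.get(uri, []) for key, uri in claim_ids.items()}
    # Include All Claims takes precedence; otherwise only the Extra Claims list.
    others = [n for n in attrs if n not in claim_ids.values()]
    wanted = others if include_all else [n for n in others if n in extra]
    profile["extra"] = {n: attrs[n] for n in wanted}
    return profile
```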
Next, test the connection. Testing the connection allows you to check the accuracy of the data you entered before creating the connector.
Finally, click Save.