Ephesoft configuration with ADFS over SAML 2.0 with Authentication Type 1 and Authorization using Active Directory
This article describes the configuration that must be in place when configuring Ephesoft with ADFS over SAML 2.0 using Authentication Type 1. Authentication Type 1 means that authentication is performed through SSO while authorization is performed through Tomcat, LDAP or Active Directory. This article focuses on authorization with Active Directory.
How Does Authentication with SSO and Authorization with Active Directory Work?
- Only the authentication step is delegated to the Identity Provider.
- The Identity Provider verifies the user and returns an acknowledgement as part of the SAML Response.
- If validation succeeds, the selected authorization method is applied: when user.connection is set to 1, authorization is performed against Active Directory.
- The username received in the SAML Response is matched against the groups/roles fetched from Active Directory.
- Those roles are compared with the user.super_admin property in application.properties; if one matches, the user is granted super admin access, otherwise the user receives access based on the roles defined in Access Manager.
Prerequisites
- Active Directory Federation Services installed
- Active Directory installed
- Ephesoft Transact 188.8.131.52 or later installed
- Understanding of, and having already configured, the files listed in the article Checklist: Ephesoft with ADFS over SAML 2.0 with Authentication Type 1 and Authorization using Tomcat
Configuration Files Required
- The files already listed in the wiki article Checklist: Ephesoft with ADFS over SAML 2.0 with Authentication Type 1 and Authorization using Tomcat
- Configuration changes are required in the application.properties, server.xml and user-connectivity.properties files
- Complete the configuration changes already described in the wiki article Checklist: Ephesoft with ADFS over SAML 2.0 with Authentication Type 1 and Authorization using Tomcat.
server.xml
- Add the realm configuration for Active Directory as shown in the screenshot below.
- Please note that you need to change the connectionURL, connectionName, connectionPassword, userBase and roleBase properties to match your Active Directory structure.
- Download the sample server.xml from here.
user-connectivity.properties
- Make the required changes in the user-connectivity.properties file as shown in the screenshot below.
- Please note that you need to change the properties to match your Active Directory structure.
- Download the sample user-connectivity.properties from here.
application.properties
- This file is used to define the Super Admin group names.
- Two properties require changes: user.super_admin, where the super admin groups are defined, and update_super_admin_group, whose flag must be set to true.
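The Active Directory realm entry for server.xml that the steps above refer to, as an added example rather than Ephesoft's sample file: it uses Tomcat's JNDIRealm, which takes the connectionURL, connectionName, connectionPassword, userBase and roleBase attributes named above. The host name, distinguished names, service account and property name `ad.bind.password` are placeholders to replace with your own directory's values, and the search filters assume a standard Active Directory schema.

```xml
<!-- Added example, not Ephesoft's shipped server.xml. Place inside <Engine> or <Host>. -->
<!-- Weak setting to avoid: connectionURL="ldap://dc01.example.internal:389" sends the
     bind password and every user lookup in clear text. Use LDAPS (636) instead. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc01.example.internal:636"
       <!-- Dedicated read-only service account; it only needs to search users and groups. -->
       connectionName="CN=svc-ephesoft,OU=Service Accounts,DC=example,DC=internal"
       <!-- Tomcat expands ${...} from system properties (e.g. catalina.properties),
            so the bind password does not have to sit literally in server.xml. -->
       connectionPassword="${ad.bind.password}"
       <!-- Where user objects live; sAMAccountName must match the username in the SAML Response. -->
       userBase="OU=Users,DC=example,DC=internal"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       <!-- Where the group objects live; the group cn values are the roles Ephesoft compares
            against user.super_admin and against the roles defined in Access Manager. -->
       roleBase="OU=Groups,DC=example,DC=internal"
       roleName="cn"
       roleSearch="(member={0})"
       roleSubtree="true"
       <!-- Active Directory returns referrals for other domain partitions; follow them
            so group lookups do not fail with a PartialResultException. -->
       referrals="follow" />
```

After restarting Tomcat, a login that does not map to a super admin group should appear with only the Access Manager roles, which is the quickest check that roleBase and roleSearch are correct.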