WS-Fed Example

Steps

Attribute definition

First of all, will be mandatory to create two new attributes

User principal name
AD SID

Bear in mind, that those attributes have to be retrieved from the appropriate system:

And those attributes have to be defined in the object metadata:

Define the proper attribute policy

Service Provider

Configure Exchange

Finally, you must configure the Exchange.

1.- Upload the SAML certificate to the certificate repository

2.- Search for the thumbprint of the certificate:

Set-Location Cert:\LocalMachine\Root; Get-ChildItem | Short-Object Subject

3.- From the Exchange Management Shell, run:

Set-OrganizationConfig -AdfsIssuer https://gbr.idp.demo.soffid.net/profile/wsfed `
   -AdfsAudienceUris "https://gbr.owa.demo.soffid.net/owa/","https://gbr.owa.demo.soffid.net/ecp/"  `
   -AdfsSignCertificateThumbprint "XXXXXXXXXXXXXXXX"

Set-OWAVirtualDirectory -Identity "OWA (Default Web Site)" -AdfsAuthentication $true   `
  -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false `
  -WindowsAuthentication $false

Set-ECPVirtualDirectory -Identity "ECP (Default Web Site)" -AdfsAuthentication $true   `
  -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false `
  -WindowsAuthentication $false

net stop was /y

net start  w3svc

The server must be up to date. Otherwise WS-Fed will reject the response

SAML (Security Assertion Markup Language)

SAML architecture

SAML Example

OpenID-Connect

OpenID-Connect architecture

OpenID-Connect example

CAS (Central Authentication Service)

CAS architecture

CAS Example

Radius (Remote Authentication Dial-In User Service)

Radius architecture

Radius Example

TACACS+ (The Terminal Access Controller Access-Control System Plus)

TACACS+ architecture

TACACS+ Example

WS-Fed

WS-Fed Architecture

WS-Fed Example

⏰ Getting started

Attribute definition

Attribute sharing policies

Identity & Service providers

Shared signals & events members

Entity Group

Identity Provider

Service Provider

Virtual Identity Provider

Profiles

OpenIDProfile

SAML1ArtifactResolutionProfile

SAML1AttributeQueryProfile

SAML2ArtifactResolutionProfile

SAML2AttributeQueryProfile

SAML2ECPProfile

SAML2SSOProfile

CAS

Radius

ESSO

How to deploy the identity & service provider

Change Password URL

How to perform unsolicited login

Connecting an OpenID Connect service

Connecting a SAML service

Connecting Soffid console

Connecting your custom applications

Openid-connect to SAML interoperability

Openid-connect Dynamic Register

Connecting CAS client

Connecting Tacacs+

Connecting Radius client

validate-domain

validate-credentials

expire-session

generate-saml-request

parse-saml-response

generate-saml-logout-request

Soffid IdP as an identity broker

External oAuth / OpenID Identity Providers

WS-Fed Example

Steps

Attribute definition

Attribute sharing policies

Service Provider

Configure Exchange