Single Sign On (SSO)
‎10-19-2017 02:28 PM
Hi Community,
We are planning to do an SSO implementation sometime at the end of the year. Currently users are authenticated through Active Directory.
Has anyone implemented SSO using Active Directory? Do I need to have ADFS to implement SSO? Is there any easy way without using ADFS?
Thanks
Ak

‎10-20-2017 02:56 AM
Hi Amdadul,
The Multi-Provider SSO feature allows organizations to use several SSO identity providers (IdPs) to manage authentication as well as retain local database (basic) authentication.
The integration supports any combination of local and external authentication methods on a single instance:
- LDAP
- SAML 2.0
- Digest Authentication
- Local database authentication
For example, a globally dispersed corporation might require one SSO provider for their employees, a different one for their vendors, and local database authentication for their administrators. Alternatively, a company might implement SAML 2.0 and a digest token authentication solution on the same instance.
- Multi-Provider SSO properties, tables, and scripts: The Integration - Multiple Provider Single Sign-On Installer plugin includes the following system properties, tables, and scripts.
- Activate Multi-Provider SSO plugin: This integration requires the Integration - Multiple Provider Single Sign-On Installer plugin.
- Set up Multi-Provider SSO: You must perform several steps to set up Multi-Provider SSO, including configuring properties, creating identity providers (IdPs), and configuring users to use SSO.
- Changes to SAML 2.0 and digest token configuration: Multiple provider single sign-on allows administrators to configure SAML 2.0 Update 1 and digest token as authentication methods.
SAML 2.0 single sign-on (SSO) supports integration with Microsoft Active Directory Federation Services (ADFS) 3.0. For information about installing and configuring ADFS, see Active Directory Federation Services Overview.
- Set up ADFS for SAML: This procedure uses ADFS 2.0 and shows samportal.example.com as the ADFS website. Replace this with your ADFS website address.
- Set up the instance for ADFS: After you set up ADFS 2.0 or 3.0, set up the instance and SAML 2.0 settings to work with ADFS.
- Configure an ADFS relying party: At this point you can take the instance metadata and import it into your ADFS server. However, manual configuration of the relying party appears to be easier to implement.
- Configure ADFS relying party claim rules: Edit the Claim rules to enable proper communication with the instance.
- Create a SAML logout endpoint: Create a SAML logout endpoint to allow single logout.
- Test the ADFS configuration: Test your ADFS configuration to verify that it is properly functioning as an identity provider.
- (Workaround) Enable service provider-initiated authentication: A workaround is available if authentication fails because you do not have SAML 2.0 Update 1. This can happen if users attempt to skip IdP authentication and navigate directly to the instance.
- (Workaround) Support Kerberos authentication: A workaround is available for the SAML 2.0 integration that changes the authentication context from forms-based authentication to Windows-based authentication.
- Source: Link
‎10-25-2017 03:19 PM
Hi Gaurav,
Thanks for the reply. I was wondering, if I already have LDAP authentication (AD), is there any way I can implement SSO without using ADFS? We are having issues getting approval for ADFS.
I will appreciate any guidance.
Thanks
Ak
‎11-08-2017 10:10 AM
Hi Islam, can I have your mail ID?
‎01-11-2018 02:04 PM
Hi Naresh, My Email address is ak.islam@leidos.com. Thanks Ak