Prolaborate and ADFS SAML Integration
Prolaborate and ADFS SAML Integration
Prerequisites
Your Prolaborate site should have a valid SSL Certificate.
If you don’t have an SSL Certificate, you can create a self-signed certificate yourself. Please get in touch with the Prolaborate team to know more about it.
Service Provider Configuration
To configure the Service Provider, click on Menu> SAML Single Sign On.
Click Enable SSO at the top of the page that appears.
Under Service Provider Configuration,
| Name | The name will be prefilled |
|---|---|
| Assertion Consumer URL | Assertion Consumer URL will be Prefilled |
| Certificate File | Choose the .pfx file of your SSL certificate |
| Certificate Password | Enter the Password of the .pfx file |
Configuring Prolaborate in ADFS
The following sections will elaborate the steps involved in setting up Prolaborate in ADFS.
Create a new Relying Party Trusts
To create a Relying Party Trusts, follow the below steps:
1. Sign in to the ADFS management using your administrator account
2. Click Tools
3. Select AD FS Management from the List
4. Right-click the Relying Party Trusts and click on Add Relying Party Trust.
5. Select Claims aware and click on Start.
6. Choose Enter data about relying party manually option and click Next.
7. Enter the Display name called Prolaborate ADFS SSO and click Next.
8. Browse the Prolaborate site SSL certificate based on .cer file and click Next.
9. Choose Enable support for the SAML2.0 WebSSO protocol, and fill ‘Relying party SAML 2.0 SSO service URL’ field from Service Provider configuration section (Assertion Consumer URL) in Prolaborate SSO settings and click Next.
10. Fill ‘Relying party trust identifier (Entity ID)’ field from Service Provider configuration section (Name) in Prolaborate SSO settings. Select Add and click Next.
11.Click Next.
12.Click Next.
13.Select Configure claim issuance policy for the application and click Close.
Relying Party Trust properties
Under Relying Party Trusts, double click the created display name (Party Trust Name) to open its properties.
Assertion Consumer Endpoint
Select Endpoints and click Add SAML.
Get Name from Service provider Configuration of Prolaborate and paste it and click OK
For example,
SAML Logout Endpoints
Select SAML Logout as Endpoint type and choose Redirect in Binding.
Get Name from Service provider Configuration of Prolaborate and paste it and click OK
For example,
Signature
Under Signature section, click Add and choose the .cer file of your Prolaborate application SSL certificate and then click OK.
Edit Claim Issuance Policy
Click on the create Party Trusts Name and select Edit claim Issuance Policy under Actions.
1.Click Add Rule
2. Choose Send LDAP Attributes as Claims for Claim rule template and click Next
3. Enter Claim Rule name as Prolaborate ADFS SSO and choose Active Directory as attribute store.
4. Claims type should be configured as below and click Finish,
| Claim name | Value |
|---|---|
| Given-Name | Given Name |
| E-mail-Addresses | E-mail Address |
| SAM-Account-Name | Name ID |
| Surname | Surname |
| Token Groups – Unqualified Names | Group |
Note: The below mentioned values are reused from Azure AD Claims. Please use below mentioned claims in attribute mapping field while configuring in Prolaborate.
| Claim name | Value |
|---|---|
| First Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
| Last Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
|
| Group | http://schemas.xmlsoap.org/claims/Group |
Click Apply and OK.
Identity Provider Configuration
Fill the Identity Provider Configuration as per the instructions below:
1. Fill out the Name field using Entity ID URL from the ADFS Federation Metadata XML file. You can get the Metadata XML file using the below link.
https://[servername or hostname]/FederationMetadata/2007-06/FederationMetadata.xml
2. Please replace [servername or hostname] with ADFS server name and hit this URL in the browser to download the ADFS Federation Metadata XML file.
3. Sign In URL will be the IDTokenIssuer availed from Windows PowerShell in Server.
4. Enter “Get-AdfsProperties” command in Windows PowerShell and get the value of IDTokenissuer and append it with /ls/idpinitiatedsignon to get the Sign In URL.
For example: https://adfs.prolaborate.com/adfs/ls/idpinitiatedsignon
5. Fill Sign Out URL field using Single Logout Service URL from the ADFS Federation Metadata XML file
6. Certificate File: Choose the .cer using Entity Description ID from the ADFS Federation Metadata XML file. Copy the Entity Description ID and paste it to notepad and save it as IDPcertificate.cer file
Once details are filled out, select the required Access Control Profile from the dropdown menu.
Reference of SAML Configuration
When all the values have been entered into the appropriate fields, the SAML configuration form will resemble the reference image shown below.
Log in with ADFS Credentials
Once the configuration is complete, users will notice a new Login with SSO button on the login page.
When clicking on it, users will be redirected to an URL as per configuration. They can then give their ADFS credentials to login to Prolaborate
If you’re experiencing challenges signing in using SSO, go at SAML Assertion Validation to debug the SAML configurations.
Note
The Repositories you see will be based on Default Access Control Profile.
Logging out from Prolaborate
When a user logs out from Prolaborate, the user will be logged out from all applications signed in using their SSO credentials.
