
Prolaborate and ADFS SAML Integration

April 22, 2022

Prerequisites

Your Prolaborate site should have a valid SSL Certificate.

If you don’t have an SSL certificate, you can create a self-signed certificate yourself. Please get in touch with the Prolaborate team for details.

Service Provider Configuration

To configure the Service Provider, click Menu > SAML Single Sign On.

Click Enable SSO at the top of the page that appears.

Under Service Provider Configuration,

Name: prefilled automatically
Assertion Consumer URL: prefilled automatically
Certificate File: choose the .pfx file of your SSL certificate
Certificate Password: enter the password of the .pfx file

Configuring Prolaborate in ADFS

The following sections describe the steps involved in setting up Prolaborate in ADFS.

Create a new Relying Party Trust

To create a Relying Party Trust, follow the steps below:

1. Sign in to the ADFS management using your administrator account

2. Click Tools

3. Select AD FS Management from the List

4. Right-click Relying Party Trusts and click Add Relying Party Trust.

5. Select Claims aware and click on Start.

6. Choose Enter data about relying party manually option and click Next.

7. Enter Prolaborate ADFS SSO as the Display name and click Next.

8. Browse to the .cer file of the Prolaborate site's SSL certificate and click Next.

9. Choose Enable support for the SAML 2.0 WebSSO protocol, fill the ‘Relying party SAML 2.0 SSO service URL’ field with the Assertion Consumer URL from the Service Provider Configuration section of the Prolaborate SSO settings, and click Next.

10. Fill the ‘Relying party trust identifier (Entity ID)’ field with the Name from the Service Provider Configuration section of the Prolaborate SSO settings. Click Add, then click Next.

11. Click Next.

12. Click Next.

13. Select Configure claim issuance policy for the application and click Close.

Relying Party Trust properties

Under Relying Party Trusts, double-click the display name you created (the Relying Party Trust name) to open its properties.

Assertion Consumer Endpoint

Select Endpoints and click Add SAML.

Paste the Name value from the Service Provider Configuration section of Prolaborate into the endpoint field and click OK.

SAML Logout Endpoints

Select SAML Logout as the Endpoint type and Redirect as the Binding.

Paste the Name value from the Service Provider Configuration section of Prolaborate into the endpoint field and click OK.

Signature

Under the Signature section, click Add, choose the .cer file of your Prolaborate application's SSL certificate, and click OK.

Edit Claim Issuance Policy

Click on the Relying Party Trust name you created and select Edit Claim Issuance Policy under Actions.

1. Click Add Rule

2. Choose Send LDAP Attributes as Claims for Claim rule template and click Next

3. Enter Claim Rule name as Prolaborate ADFS SSO and choose Active Directory as attribute store.

4. Map the LDAP attributes to outgoing claim types as below and click Finish.

LDAP Attribute                      Outgoing Claim Type
Given-Name                          Given Name
E-mail-Addresses                    E-mail Address
SAM-Account-Name                    Name ID
Surname                             Surname
Token-Groups – Unqualified Names    Group

Note: The claim URIs below are the same ones used for Azure AD claims. Use them in the attribute mapping field when configuring Prolaborate.

Prolaborate field    Claim URI
First Name           http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Last Name            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Email                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Group                http://schemas.xmlsoap.org/claims/Group

Click Apply and OK.
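The claim rules above determine what arrives in the assertion's AttributeStatement, and the attribute mapping field on the Prolaborate side names the claim URIs it reads. The Python below is an added example, not Prolaborate code, showing what that mapping amounts to: it reads a constructed assertion, checks the issuer and the Name ID that the SAM-Account-Name rule supplies, collects the multi-valued Group claim from Token-Groups, and rejects an assertion that lacks a required claim. The field names on the left of CLAIM_MAP, the issuer and the sample assertion are constructed; the claim URIs are the ones listed on the page. A service provider would run this only after validating the assertion's XML signature against the IdP signing certificate.

```python
"""Map the claims in a SAML assertion to the Prolaborate attribute-mapping fields.

Added example; not Prolaborate code. The claim URIs are the ones listed on the
page; the field names, the issuer and the assertion below are constructed.
Signature validation is assumed to have happened before this step.
"""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Left: hypothetical Prolaborate field names. Right: claim URIs from the page.
CLAIM_MAP = {
    "First Name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "Last Name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "Email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "Group": "http://schemas.xmlsoap.org/claims/Group",
}
REQUIRED = ("First Name", "Last Name", "Email")
EXPECTED_ISSUER = "http://adfs.example.test/adfs/services/trust"  # constructed

# Constructed assertion shaped like the output of the claim rules on the page.
SAMPLE_ASSERTION = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-id" Version="2.0" IssueInstant="2022-04-22T00:00:00Z">
  <Issuer>http://adfs.example.test/adfs/services/trust</Issuer>
  <Subject><NameID>jdoe</NameID></Subject>
  <AttributeStatement>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <AttributeValue>Jane</AttributeValue>
    </Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <AttributeValue>Doe</AttributeValue>
    </Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <AttributeValue>jane.doe@example.test</AttributeValue>
    </Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <AttributeValue>Domain Users</AttributeValue>
      <AttributeValue>Architects</AttributeValue>
    </Attribute>
  </AttributeStatement>
</Assertion>
"""


def map_claims(assertion_xml: str, expected_issuer: str) -> dict:
    """Build a profile keyed by Prolaborate field name, or raise ValueError."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        raise ValueError(f"unexpected issuer {issuer!r}")
    # The SAM-Account-Name -> Name ID rule is what populates the Subject NameID.
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("no NameID: the SAM-Account-Name -> Name ID rule is missing")

    # SAML attributes are multi-valued; Token-Groups is the one that uses it.
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = [v for v in values if v]

    profile = {"Name ID": name_id}
    for field, uri in CLAIM_MAP.items():
        values = attrs.get(uri, [])
        profile[field] = values if field == "Group" else (values[0] if values else None)

    missing = [f for f in REQUIRED if not profile[f]]
    if missing:
        raise ValueError("assertion lacks required claims: " + ", ".join(missing))
    return profile


def try_map(assertion_xml: str, expected_issuer: str):
    """(profile, None) on success, (None, reason) when the assertion is rejected."""
    try:
        return map_claims(assertion_xml, expected_issuer), None
    except ValueError as exc:
        return None, str(exc)


if __name__ == "__main__":
    print(map_claims(SAMPLE_ASSERTION, EXPECTED_ISSUER))
```

A useful troubleshooting habit follows from this: when a login fails after the trust is set up, capture one assertion and check which of the four claim URIs is absent, since an ADFS rule that names the wrong LDAP attribute simply produces no Attribute element rather than an error.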

Identity Provider Configuration

Fill in the Identity Provider Configuration as follows:

1. Fill out the Name field using the Entity ID URL from the ADFS Federation Metadata XML file. You can download the metadata file from the URL below.

https://[servername or hostname]/FederationMetadata/2007-06/FederationMetadata.xml

2. Replace [servername or hostname] with the name of your ADFS server and open this URL in a browser to download the ADFS Federation Metadata XML file.

3. The Sign In URL is built from the IdTokenIssuer value, which is obtained with Windows PowerShell on the ADFS server.

4. Run the Get-AdfsProperties command in Windows PowerShell, take the value of IdTokenIssuer, and append /ls/idpinitiatedsignon to it to get the Sign In URL.

For example: http://adfs.prolaborate.com/adfs/services/trust

5. Fill the Sign Out URL field using the Single Logout Service URL from the ADFS Federation Metadata XML file.

6. Certificate File: create the .cer file from the Entity Description ID in the ADFS Federation Metadata XML file. Copy the Entity Description ID value, paste it into Notepad, and save the file as IDPcertificate.cer.
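Steps 1, 5 and 6 are all read out of the same metadata document, so a small parser replaces the copy-and-paste. The Python below is an added example, not Prolaborate code: it takes the entityID (the Name field), the HTTP-Redirect SingleLogoutService location (the Sign Out URL) and the base64 X509Certificate of the signing KeyDescriptor, which is assumed here to be the value step 6 calls the Entity Description ID, and writes that certificate out as IDPcertificate.cer in PEM form. The metadata document, hostname and certificate bodies are constructed placeholders.

```python
"""Extract the Identity Provider values from an ADFS FederationMetadata.xml.

Added example; not Prolaborate or Microsoft code. The metadata document below
is constructed for illustration and its certificate bodies are base64
placeholders, not real certificates.
"""
import base64
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Placeholder certificate bodies (constructed; a real one is DER bytes in base64).
ENCRYPTION_BLOB = base64.b64encode(b"ENCRYPTION-CERT-PLACEHOLDER").decode()
SIGNING_BLOB = base64.b64encode(b"SIGNING-CERT-PLACEHOLDER").decode()

# Constructed sample shaped like ADFS federation metadata (hostname is fictitious).
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{ENCRYPTION_BLOB}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{SIGNING_BLOB}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{HTTP_REDIRECT}"
                         Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="{HTTP_REDIRECT}"
                         Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def parse_idp_metadata(xml_text: str) -> dict:
    """Return the entityID, redirect-binding SSO/SLO URLs and the signing cert."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("document is not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    def redirect_location(tag: str):
        # Pick the HTTP-Redirect endpoint, the binding the page selects for logout.
        for el in idp.findall("md:" + tag, NS):
            if el.get("Binding") == HTTP_REDIRECT:
                return el.get("Location")
        return None

    # ADFS publishes two certificates. Only the signing one validates assertion
    # signatures; a KeyDescriptor without a "use" attribute serves both roles,
    # and one marked "encryption" must not be mistaken for the signing key.
    signing_b64 = None
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if cert is not None and cert.text:
                signing_b64 = "".join(cert.text.split())
                break
    if signing_b64 is None:
        raise ValueError("metadata has no signing certificate")
    # Validate the base64 so a garbled copy/paste fails here, not at login time.
    signing_der = base64.b64decode(signing_b64, validate=True)

    return {
        "name": root.get("entityID"),
        "sso_redirect_url": redirect_location("SingleSignOnService"),
        "sign_out_url": redirect_location("SingleLogoutService"),
        "signing_cert_b64": signing_b64,
        "signing_cert_der": signing_der,
    }


def to_cer_pem(cert_b64: str) -> str:
    """Wrap the base64 body as a PEM .cer file, 64 characters per line."""
    body = "\n".join(textwrap.wrap(cert_b64, 64))
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    info = parse_idp_metadata(SAMPLE_METADATA)
    print("Name (entityID):", info["name"])
    print("Sign Out URL:   ", info["sign_out_url"])
    with open("IDPcertificate.cer", "w") as fh:
        fh.write(to_cer_pem(info["signing_cert_b64"]))
```

To use it on a real download, read FederationMetadata.xml into a string and pass it to parse_idp_metadata; fetch the file over HTTPS as in step 2, since everything Prolaborate will trust about the IdP comes from this document. Whether Prolaborate accepts a PEM-wrapped .cer or wants the bare base64 body is an assumption here; if the upload is rejected, supply the body without the BEGIN/END lines. The ADFS signing certificate rolls over periodically, so the value saved in step 6 has to be refreshed when the metadata changes.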

Once details are filled out, select the required Access Control Profile from the dropdown menu.

Reference of SAML Configuration

When all the values have been entered into the appropriate fields, the SAML configuration form will resemble the reference image shown below.

Log in with ADFS Credentials

Once the configuration is complete, users will notice a new Login with SSO button on the login page.

When they click it, users are redirected to the URL set in the configuration. They can then enter their ADFS credentials to log in to Prolaborate.

Note: The Repositories you see will be based on Default Access Control Profile.

Logging out from Prolaborate

When a user logs out from Prolaborate, the user will be logged out from all applications signed in using their SSO credentials.