DOCUMENTATION PORTAL
senior X Platform
Note: This page was translated using automation resources with the purpose of providing content in your language more quickly. Consequently, it may have grammatical errors and similar situations. If the content is not useful in this state, in the page footer you can access the original material in Brazilian Portuguese and also give us opinions on this translation.
senior X Platform - User Manual> Definitions> Authentication> SAML> Configuring SAML Authentication with ADFS

Configuring SAML Authentication with ADFS

SAML authentication is responsible for exchanging authentication and authorization data between an identity provider and a service provider. In this way, the senior X Platform acts as a service provider that takes advantage of users already existing in the identity provider, for example ADFS (Active Directory Federation Services).

Regardless of the authentication method chosen, do not use spaces in the user name to access the platform.

Important

LDAP and SAML authentication settings may vary depending on the software used. Therefore, contact the IT Services - Consulting area to carry out the necessary configurations.

ClosedConfiguring ADFS for the platform

To configure ADFS for the platform, it is necessary to use a specific digital certificate for the tenant, which is provided by Senior when creating the tenant.

  1. Connect to the Active Directory server and run the ADFS Management application;
  2. On the menu, in the Trust Relationships folder, right-click the Relying Party Trusts folder, and then clickAdd Relying Party Trust…;
  3. In the Add Relying Party Trust Wizard clickStart;
  4. In the Select Data Source step, select the optionEnter data about the relying party manually and clickNext;
  5. In the Specify Display Name step, in the fieldDisplay Name, enter SeniorX and clickNext;
  6. In the Choose Profile step, keep the AD FS profile option selected and clickNext;
  7. click inNext in the Configure Certificate step. The certificate is made available when the tenant is requested via SARA, an email is sent to the consultant with the link to download a .zip where the certificate is inside the SAML folder in .jks format (if you do not have the certificate or need it in other format, contact senior X Platform support);
  8. In the Configure URL step, select the optionEnable support for the SAML 2.0 WebSSO protocol is atRelying party SAML 2.0 SSO service URL report https://platform.senior.com.br:9443/commonauth. Then clickNext;
  9. In the Configure identifiers step,Relying party trust identifier report SeniorX and clickAdd. Then clickNext;
  10. click inNext in the Configure Multi-factor Authentication Now? step;
  11. In the Choose Issuance Authorization Rules step, keep the option selectedAllow all users to access the relying party and clickNext;
  12. click inNext in the Ready to Add Trust stage;
  13. In the Finish step, keep the option selectedOpen the Edit Claim Rules dialog for this relying party trust when the wizard closes and clickClose.
ClosedAdd Claim Rules

After these settings, the Edit Claim Rules for SeniorX screen will open:

  1. On the Issuance Transform Rules tab, clickAdd Rule;
  2. In the Add Transform Claim Rule Wizard, in the Choose Rule Type step, keep the Send LDAP Attributes as Claims option selected and clickNext;
  3. In the Configure Claim Rule step:
    • Claim rule name: SAM-Account-Name -> User Name
    • attribute store : Active Directory
    • Mapping of LDAP attributes to outgoing claim types:
      • LDAP Attribute : SAM-Account-Name
      • Outgoing Claim Type :UserName
  4. click inFinish
    • and add one more rule:
      • C
    • laim rule name
    • : Display-Name -> Name
        attribute store
      • : Active Directory
        • Mapping of LDAP attributes to outgoing claim types
      • :
        • LDAP Attribute
      : Display-Name
    Outgoing Claim Type :Name
  5. click inFinish
    • and add one more rule:
      • C
    • laim rule name
      • : User-Principal-Name -> Email Address
    • attribute store
        : Active Directory
      • Mapping of LDAP attributes to outgoing claim types
        • :
      • LDAP Attribute
        • : User-Principal-Name
    Outgoing Claim Type : E-Mail Address
  6. click inFinish;
  7. In the Choose Claim Rule step, add one more rule. InClaim rule template select Transform an Incoming Claim and clickNext;
  8. In the Configure Claim Rule ste
      p:
    • Claim rule name
      • : User Name -> Name ID
    • Incoming claim type
      • :UserName
    • Outgoing claim type
      • :NameID
  9. click inFinish and close the Add Transform Claim Rule Wizard screen;
  10. In the AD FS Management application, in the Relying Party Trusts folder, right-click SeniorX, and then clickProperties;
  11. On the SeniorX Properties screen, on the Signature tab, clickAdd.. and select the certificate obtained with Senior;
  12. On the Endpoints tab, clickAdd SAML...
    • and report
    • :
    • Endpoint type: SAML Logout
    • Binding: POST
    Trusted URL: enter the external ADFS URLResponse URL: https://platform.senior.com.br/commonauth
  13. click inOK ;
  14. click inApply is atOK To finish, go to ADFS settings.

Before starting to configure authentication on the senior X Platform, still in the AD FS Management application, in the Service folder, click on Claim Descriptions and note the values for Claim Type, claimsUsername,Email Address It isName. These values will be used for authentication on the platform.

ClosedSAML authentication
  1. Access the platform with the tenant administrator user;
  2. Go to Technology > Administration > Tenant Management > Configure, select the tenant and clicksettings;
  3. On the Authentication tab, change the authentication type to "SAML Authentication";
  4. In SAML Settings, enter:
    • SAM
    • L request redirect URL: https://platform.senior.com.br/auth/LoginWithCodeServlet
    • Identity Provide
    • r Entity ID: https://<ADFS URL>/adfs/services/trust
    • Service Provider Ent
    ity ID : SeniorX (value previously defined in the ADFS configurationURL to login: https://<Customer ADFS URL>/adfs/lsURL to log out: https://<Customer ADFS URL>/adfs/ls/?wa=wsignout1.0
  5. Under SAML User Data:
    • Claim that defines the user's username: claim type of claim User Name
    • Claim that defines the user's email : claim type of claim E-Mail Address
    • Claim that defines the user's full name : claim type of claim Name
    • Role that will be defined for new users: determine the role that the user will receive on their first login via ADFS
  6. click inTo save to complete the settings.

To test the configuration, open another browser or an incognito tab in the same browser and access the platform's URL, entering the tenant's domain in the URL.

ClosedExample:

https://login.senior.com.br/login/?redirectTo=https%3A%2F%2Flogin.senior.com.br&tenant=tenant.com.br

If the configuration is correct, a redirection will be automatically made to the ADFS login screen. When providing valid credentials, you will be redirected to the already authenticated senior X Platform. Confirm that all user data is correct according to your profile on the platform. If any attribute is incorrect, review the claims part, both in ADFS and in the senior X Platform.

Important

Currently, it is not possible to integrate roles through SAML/ADFS integration for the senior X Platform. The linking of these roles must be done manually.

Did this article help you?

Knowledge base

Legal Requirements Portal

Documentation in other languages:

English

Spanish

seniorX Store

corporate University

Product Forum

Work with us

Blog

All copy rights reserved to Senior Sistemas SA

Unauthorized reproduction of this publication, in whole or in part, constitutes copyright infringement (Law 9,610/98).

Open topic with navigation