WS-Federation
Last updated
Last updated
WS-Federation requires a license.
WS-Federation supports both Active Directory Federation Services and Azure Active Directory.
You first need to configure ADFS or AzureAD to support Universal.
These are the current Federation Service settings for our domain.
You need to configure the following Relying Parties settings for Universal. On the Identifiers tab, provide the URL to the Universal website. HTTPS is required.
On the Endpoints tab. You'll need to include a WS-Federation Passive Endpoint. Make sure to include the trailing slash.
You can configure additional claims you'd like to use if you are using policies in Universal.
Follow the documentation for the Azure Active Directory configuration found on this Microsoft Document.
After configuring ADFS or AAD, you can now provide the properties to Universal for the MetadataAddress and Wtrealm. Read about these settings on the our Settings page.
Here is an example of how to update the appsettings.json
file to accommodate the correct settings for WS-Federation.
When running your server, you should now be prompted for your credentials either via the Internet Explorer single-sign system or you will be forwarded to the WS-Fed login page.
You can configure WS-Federation authentication in the admin console. To do so, navigate to Security \ Authentication. Add the WS-Federation provider by selecting it from the drop down in the top right.
Next, edit the properties of the authentication provider and specify the configuration details for your ADFS setup.
Once configured, enable the WS-Federation provider. Then, log out and navigate to /admin
You will be prompted to login to your WS-Federation provider.
Finally, you'll need to configure a Claim Issuance Policy for the Relying Party Trust. Create an Issuance Transform Rule that sends at least the Name and Name ID to Universal.