Versions Compared

Old Version 10

changes.mady.by.user Daniel.Juleff

Saved on

compared with

New Version Current

changes.mady.by.user Daniel.Juleff

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated Images and Syntax

...

  1. In the main menu, navigate to "SSO | Service Providers"
  2. Click the "+ CREATE" button
  3. Select the "Single Sign-on Server"
  4. Select the Sharepoint "Application" created previously
  5. Enter a suitable nt, and enter "Name"
  6. Select "'Type" ' as "WS-Federation" 
    Image Removed
    Image Added

  7. Click on the 2nd tab named "Attributes"
  8. Select the "Edit+ CREATE" button to add Attributes

...



  1. You

...

  1. need to

...

  1. create an Attribute that matches "RoleClaims" and "Identity Claims", as specified in the

...

  1. PowerShell scripts that will be

...

  1. created in the

...

  1. SharePoint Configuration

...

  1. section.   

...


  2. Select '

...

  1. Location'

...

Image Removed

6. Create an attribute for the 'RoleClaims'. This will have a fixed value which will contain the name of the role you have setup in the Link Groups script

Image Removed 

...

  1. as "HTTP Body"
  2. Enter an appropriate "Name"
  3. The 'Format' select from the drop-down "attrname-format:url"
  4. Within 'Value' select "Fixed Value" and set the Value as the actual name specified in the RoleClaims

...

  1. (replacing "NameOfRole" in this field). As per the following article:  Link Groups Script
  2. From the drop-down, set the 'Claim Type' as setting "http://schemas.microsoft.com/ws/2008/06/identity/claims"

          Image Added

    14. Click "SAVE" button to confirm creation of new Attribute.


    Next create 'Identity Claims attributes' that will be mapped to AD

...

  1. Attributes.

...

  1. There

...

  1. would usually

...

  1. be 3 attributes, containing emailaddress,

...

  1. givenName and

...

  1. Surname (

...

  1. see SSO

...

  1. Script article)


    You

...

  1. are able to map AD Attributes as follows

...

Image Removed

In the "Maps To" section click on the corresponding search button

Image Removed

Here you will select the Identity Source corresponding with your domain and choose the Email identity attribute from the drop down list.

Image Removed

...

  1. .
    16. Selecting 'Value' as "Maps to an identity attribute"
    17. Then click the magnifying glass, to the right of the field....
    18. Here you can change "Identity Source" to your internal AD Domain
    19. Then "Maps To" you can select a specific Attribute from Active Directory. ie: "Email"....
     
          Image Added

          Image Added

    Ensure checkbox "Return in Response" is enabled on all your

...

  1. Attributes.

Click Save

...


  1. 20. Click "SAVE" to create the new Attribute.
    21. Repeat

...

Image Removed

9. Click "Save"

...

  1. for the other Attributes. Then you should have all 3 setup, like follows:

          Image Added


    22. Finally click "SAVE" to confirm creation of these new Attributes.