Create a Web Logon Procedure
- Log in to the DualShield Administration Console
- In the main menu, navigate to “Authentication | Logon Procedures”
- Click the “+Create” button on the toolbar
- Enter a suitable “Name”, then select 'Type' from the drop-down as "Web SSO".
- Click “Save” to confirm creation.
- Click back on the context "..." menu of the newly created Logon Procedure, then select “Logon Steps”
- In the popup window on the right, click the "+ ADD" button to add a new authentication method.
- Select the required authentication method from the list, e.g. “Static Password” (AD Password)
- Click "Save" to add the Step.
- Repeat steps 7 - 9 for any additional authentication steps you wish to use.
Create a Web Application
- In the main menu, navigate to “Authentication | Applications”
- Click the “+ CREATE” button in the toolbar
- Enter an appropriate “Name”
- Select the internal “Realm”
- Select the Logon Procedure created previously.
- Click "SAVE" to complete the Application creation.
- Click the context "..." menu of the newly created application, then "Agents"
- Select the "Single Sign-on Server | SSO Server"
- Click "SAVE" button to confirm.
- Click the context "..." menu of the newly created Application, then "Self Test" to confirm all components are correctly associated.
Create a new Service Provider
- In the main menu, navigate to "SSO | Service Providers"
- Click the "+ CREATE" button
- Select the "Single Sign-on Server"
- nt, and enter "Name"
- Select "Type" as "WS-Federation"
- Click on the "Edit" button to add Attributes
You now need to add attributes that match the 'RoleClaims' and 'identity claims' specified in the PowerShell scripts that will be set up and run in the 'SharePoint Configuration' section.
5. Click 'Create'
6. Create an attribute for the 'RoleClaims'. This will have a fixed value containing the name of the role you have set up in the Link Groups script.
(Remember to replace NameOfRole with the actual name specified in the RoleClaims)
7. You now create the 'identity claims attributes' which will be mapped to AD attributes. There are usually three attributes containing emailaddress, givenname and surname. (see enable SSO script)
You can map a value as follows:
In the "Maps To" section click on the corresponding search button
Here you will select the Identity Source corresponding with your domain and choose the Email identity attribute from the drop down list.
Remember to make sure Return Response is enabled on all your attributes.
Click Save
8. Repeat the process for givenname and surname attribute mappings until you get a list as below:
9. Click "Save"
10. Click "Save" at the bottom of the New Service Provider window.
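
The attribute mappings above can be checked against a token captured from a test logon. This Python check is an added example, not DualShield's or the original page's code; it reports identity claims that are missing or empty and a role claim that does not carry the expected role. It assumes a SAML 1.1 assertion and the usual claim type URIs; the role name SharePointUsers and the sample assertion are constructed, and the token signature is not verified here.

```python
import xml.etree.ElementTree as ET

SAML11 = "{urn:oasis:names:tc:SAML:1.0:assertion}"
IDENTITY_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
ROLE_NS = "http://schemas.microsoft.com/ws/2008/06/identity/claims"
# Assumed claim types; use the ones named in your own SharePoint scripts.
REQUIRED = [f"{IDENTITY_NS}/{n}" for n in ("emailaddress", "givenname", "surname")]
ROLE_CLAIM = f"{ROLE_NS}/role"

# Constructed sample: surname is empty and the role still holds the placeholder.
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute AttributeName="emailaddress" AttributeNamespace="{IDENTITY_NS}">
   <saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>
  <saml:Attribute AttributeName="givenname" AttributeNamespace="{IDENTITY_NS}">
   <saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
  <saml:Attribute AttributeName="surname" AttributeNamespace="{IDENTITY_NS}">
   <saml:AttributeValue></saml:AttributeValue></saml:Attribute>
  <saml:Attribute AttributeName="role" AttributeNamespace="{ROLE_NS}">
   <saml:AttributeValue>NameOfRole</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def extract_claims(xml_text):
    """Return {claim type URI: [non-empty values]} from a SAML 1.1 assertion."""
    claims = {}
    for attr in ET.fromstring(xml_text).iter(SAML11 + "Attribute"):
        uri = attr.get("AttributeNamespace", "").rstrip("/") + "/" + attr.get("AttributeName", "")
        values = [(v.text or "").strip() for v in attr.findall(SAML11 + "AttributeValue")]
        claims.setdefault(uri, []).extend(v for v in values if v)
    return claims


def check_claims(xml_text, expected_role):
    """List mapping problems: absent or empty identity claims, wrong role value."""
    claims = extract_claims(xml_text)
    problems = [f"missing or empty claim: {c}" for c in REQUIRED if not claims.get(c)]
    if expected_role not in claims.get(ROLE_CLAIM, []):
        problems.append(f"role claim does not carry {expected_role!r}")
    return problems


if __name__ == "__main__":
    for problem in check_claims(SAMPLE, "SharePointUsers"):
        print(problem)
```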












