Create a Web Logon Procedure
- Log in to the DualShield Administration Console
- In the main menu, navigate to “Authentication | Logon Procedures”
- Click the “+Create” button on the toolbar
- Enter a suitable “Name”, then select "Web SSO" from the 'Type' drop-down.

- Click “Save” to confirm creation.
- Click back on the context "..." menu of the newly created Logon Procedure, then select “Logon Steps”
- In the popup window on the right, click the "+ ADD" button to add a new authentication method.
- Select the required authentication method from the list, for example “Static Password” (AD Password)
- Click "Save" to add the Step.
- Repeat steps 7 - 9 for any additional authentication steps you wish to use.

Create a Web Application
- In the main menu, navigate to “Authentication | Applications”
- Click the “+ CREATE” button in the toolbar
- Enter an appropriate “Name”
- Select the internal “Realm”
- Select the Logon Procedure created previously.

- Click "SAVE" to complete the Application creation.
- Click the context "..." menu of the newly created application, then "Agents"

- Select the "Single Sign-on Server | SSO Server"
- Click the "SAVE" button to confirm.
- Click the context "..." menu of the newly created Application, then "Self Test" to confirm all components are correctly associated.

Create a new Service Provider
- In the main menu, navigate to "SSO | Service Providers"
- Click the "+ CREATE" button
- Select the "Single Sign-on Server"
- Select the SharePoint "Application" created previously
- Enter a suitable "Name"
- Select 'Type' as "WS-Federation"

- Click the 2nd tab named "Attributes"
- Select the "+ CREATE" button
You need to create an Attribute that matches "RoleClaims" and "Identity Claims", as specified in the PowerShell scripts that will be created in the SharePoint Configuration section.
- Select 'Location' as "HTTP Body"
- Enter an appropriate "Name"
- For 'Format', select "attrname-format:url" from the drop-down
- Within 'Value', select "Fixed Value" and set the Value to the actual name specified in the RoleClaims (replacing "NameOfRole" in this field), as per the following article: Link Groups Script
- From the drop-down, set the 'Claim Type' to "http://schemas.microsoft.com/ws/2008/06/identity/claims"

14. Click the "SAVE" button to confirm creation of the new Attribute.
Next, create the 'Identity Claims attributes' that will be mapped to AD Attributes. There would usually be 3 attributes, containing emailaddress, givenName and Surname (see SSO Script article).
You can map AD Attributes as follows:
16. Select 'Value' as "Maps to an identity attribute"
17. Then click the magnifying glass to the right of the field.
18. Here you can change "Identity Source" to your internal AD Domain
19. Then, under "Maps To", select a specific Attribute from Active Directory, e.g. "Email".


Ensure the "Return in Response" checkbox is enabled on all your Attributes.
20. Click "SAVE" to create the new Attribute.
21. Repeat for the other Attributes. You should then have all 3 set up, as follows:

22. Finally click "SAVE" to confirm creation of these new Attributes.
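
A check you could run once the attributes above are saved, as an added example that is not part of the original article or DualShield's own tooling: it parses a captured WS-Federation token and reports which expected claims are missing or empty. It assumes the token is a SAML 1.1 assertion; the sample token, the attribute names (role, emailaddress, givenname, surname), the identity-claims namespace and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"
MS_NS = "http://schemas.microsoft.com/ws/2008/06/identity/claims"  # 'Claim Type' from the page
ID_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"    # assumed identity namespace

# Constructed sample token: surname is absent (e.g. "Return in Response" not
# ticked) and givenname is empty (mapped AD attribute unset for the user).
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML11}">
 <saml:AttributeStatement>
  <saml:Attribute AttributeName="role" AttributeNamespace="{MS_NS}">
   <saml:AttributeValue>NameOfRole</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute AttributeName="emailaddress" AttributeNamespace="{ID_NS}">
   <saml:AttributeValue>alice@example.test</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute AttributeName="givenname" AttributeNamespace="{ID_NS}">
   <saml:AttributeValue></saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def claims_in(token_xml):
    """Return {claim type URI: [values]} for every SAML 1.1 attribute found."""
    found = {}
    for attr in ET.fromstring(token_xml).iter(f"{{{SAML11}}}Attribute"):
        ns = attr.get("AttributeNamespace", "").rstrip("/")
        claim_type = f"{ns}/{attr.get('AttributeName', '')}"
        values = attr.findall(f"{{{SAML11}}}AttributeValue")
        found.setdefault(claim_type, []).extend((v.text or "").strip() for v in values)
    return found

def check_claims(token_xml, expected):
    """Configuration check only; it does not verify the token signature.
    Returns (missing, empty): types absent, and types present with no value."""
    found = claims_in(token_xml)
    missing = [c for c in expected if c not in found]
    empty = [c for c in expected if c in found and not any(found[c])]
    return missing, empty

# Hypothetical list of claim types the SharePoint side is configured to accept.
EXPECTED = [f"{MS_NS}/role", f"{ID_NS}/emailaddress",
            f"{ID_NS}/givenname", f"{ID_NS}/surname"]

if __name__ == "__main__":
    missing, empty = check_claims(SAMPLE, EXPECTED)
    print("missing:", missing)
    print("empty:", empty)
```

Replace `EXPECTED` with the claim types from your own RoleClaims and Identity Claims scripts, and parse only tokens captured from your own test sign-in.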