The intention of this article is to provide some guidance for setting up Federated SSO with Archer 6.2. The configuration does assume working knowledge of Security Assertion Markup Language (SAML) and AD FS, but will provide some instruction.
Let's get some of the common questions out of the way first. Yes, this configuration does require AD FS. This is because Archer did not implement SAML Service Provider functionality, so it cannot validate incoming SAML Tokens. Instead, we leverage the functionality already provided by AD FS. If you don't have it, you can install the role on a Windows Server. Microsoft has lots of good information in their Active Directory Federation Services documentation that will help you get up to speed. For the setup I found myself referencing Microsoft's Deployment Guide and ITFreeTraining videos. I especially appreciated the videos on:
- AD FS Components
- Installing an enterprise CA for AD FS
- Installing AD FS on Windows 2012 R2
- Configuring a claims provider trust
- Configuring a relying party trust
If you run into any issues setting up your AD FS or IDP, please contact the vendor for those products.
Once you have AD FS installed, you will need to create the Relying Party Trust to the SP on your IDP and configure the Claim Rules for both the Provider Trust and the Relying Party Trust. On your SP you will then create a Claims Provider Trust with your IDP and a Relying Party Trust with Archer, then configure the Claim Rules for each. Finally, we will configure Archer.
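As an added illustration of the SP-side steps above (this is not code from the article, Archer or Microsoft), the following PowerShell creates the Claims Provider Trust to the IDP and the Relying Party Trust for Archer on the AD FS server that fronts Archer, with claim rules scoped to a single identity attribute. All names, URLs, the UPN claim type and the WS-Federation endpoint are placeholder assumptions to replace with your own values.

```powershell
# Added example; runs on the SP-side AD FS server (the one Archer trusts).
# Every name, URL and claim type below is a placeholder assumption.
Import-Module ADFS

$idpName     = "Upstream IDP (placeholder)"
$idpMetadata = "https://idp.example.com/FederationMetadata/2007-06/FederationMetadata.xml"
$archerName  = "Archer 6.2 (placeholder)"
$archerId    = "https://archer.example.com/RSAarcher"          # placeholder RP identifier
$archerWsFed = "https://archer.example.com/RSAarcher/"         # assumed passive endpoint

# Claim rule language. The acceptance rule on the Claims Provider Trust decides which
# incoming claims from the IDP are accepted at all; limit it to the attribute Archer
# will match the user on instead of passing every upstream claim through.
$upn = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
$acceptRules = @"
@RuleName = "Accept UPN from upstream IDP"
c:[Type == "$upn"]
 => issue(claim = c);
"@

# 1. Claims Provider Trust with the IDP: signing certificate and endpoints come from metadata.
Add-AdfsClaimsProviderTrust -Name $idpName -MetadataUrl $idpMetadata `
    -AcceptanceTransformRules $acceptRules

# 2. Relying Party Trust for Archer. The issuance rule forwards only the UPN (assumed to be
#    the attribute Archer maps to its username; confirm against your Archer SSO settings).
$issueRules = @"
@RuleName = "Pass UPN to Archer"
c:[Type == "$upn"]
 => issue(claim = c);
"@
$authzRules = @"
@RuleName = "Permit all authenticated users"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@
Add-AdfsRelyingPartyTrust -Name $archerName -Identifier $archerId -WSFedEndpoint $archerWsFed `
    -IssuanceTransformRules $issueRules -IssuanceAuthorizationRules $authzRules

# 3. Review: confirm both trusts exist and that the rules are scoped as intended.
Get-AdfsClaimsProviderTrust -Name $idpName  | Select-Object Name, AcceptanceTransformRules
Get-AdfsRelyingPartyTrust   -Name $archerName | Select-Object Name, Identifier, IssuanceTransformRules
```

If Archer is configured to talk SAML rather than WS-Federation to AD FS, replace `-WSFedEndpoint` with a SAML endpoint on the Relying Party Trust; the claim rules stay the same.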
In my example I'm using Active Directory (AD) but this could be Shibboleth, Oracle Identity Manager or any other IDP that supports SAML 2.0. For guidance on configuring AD FS with various IDPs, see Microsoft's AD FS 2.0 Step-by-Step and How To Guides. Use the online links as the downloads do not all work.
In order of operation these articles will guide you through the process.