Microsoft AD FS
This guide shows how to set up Active Directory Federation Services (AD FS) as an identity provider.
AD FS 2016 should already be set up and configured. The steps should also work with AD FS 2012 R2.
To create an application group for Aidbox:
1. Open the AD FS Management console
2. Open the Application Groups item in the left sidebar
3. Press the Add Application Group button in the right sidebar
4. On the Welcome page of the Wizard:
   1. Define the name of the application
   2. Provide the description
   3. Choose the Server application type
5. Press the Next button

Add Application Group Wizard welcome page
6. Copy the Client Identifier. We will use it later during the IdentityProvider resource creation
7. Add the redirect_uri and press the Add button. The redirect URI should look like this: https://aidbox.example.com/auth/callback/adfs
8. Press the Next button

9. Check the Generate a shared secret checkbox
10. Copy the generated secret. We will use it later during the IdentityProvider resource creation
11. Press the Next button

12. Review the summary
13. Press the Next button

14. Press the Close button

To create an IdentityProvider in Aidbox, use the REST Console:

```yaml
POST /IdentityProvider
id: adfs
resourceType: IdentityProvider
title: AD FS on Prem # button label on the Aidbox login page
scopes:
  - profile
  - openid
system: adfs
authorize_endpoint: https://<adfs-domain>/adfs/oauth2/authorize/
token_endpoint: https://<adfs-domain>/adfs/oauth2/token/
userinfo_endpoint: https://<adfs-domain>/adfs/userinfo
userinfo-source: id-token # one of: id-token | userinfo-endpoint
client:
  id: <your client id> # client id issued by AD FS
  secret: <your client secret> # shared secret issued by AD FS
active: true
```
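A pre-flight check for the IdentityProvider resource before it is posted, as an added example that is not part of Aidbox or of the original guide. It takes the resource as a Python dict; the function names, the sample values and the rule that the callback path ends with the resource id (inferred from the redirect URI shown in step 7) are assumptions.

```python
from urllib.parse import urlsplit

ENDPOINTS = ("authorize_endpoint", "token_endpoint", "userinfo_endpoint")
USERINFO_SOURCES = {"id-token", "userinfo-endpoint"}

def unfilled(value):
    """True when a value is empty or still holds a <placeholder> from the template."""
    return not value or "<" in value or ">" in value

def check_identity_provider(idp, registered_redirect_uri, aidbox_base_url):
    """Return a list of problems found in the resource (empty list = passed)."""
    problems, hosts = [], set()
    for key in ENDPOINTS:
        url = idp.get(key, "")
        if unfilled(url):
            problems.append(f"{key}: placeholder not replaced")
            continue
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{key}: must be an absolute https URL")
        else:
            hosts.add(parts.hostname.lower())
    if len(hosts) > 1:  # heuristic: one AD FS farm serves all three endpoints
        problems.append("endpoints: spread over hosts " + ", ".join(sorted(hosts)))
    if "openid" not in idp.get("scopes", []):
        problems.append("scopes: openid is required for an id token")
    if idp.get("userinfo-source") not in USERINFO_SOURCES:
        problems.append("userinfo-source: use id-token or userinfo-endpoint")
    for field in ("id", "secret"):
        if unfilled(idp.get("client", {}).get(field, "")):
            problems.append(f"client.{field}: missing or placeholder")
    # Assumption: the callback path ends with the resource id, as in step 7's example.
    expected = f"{aidbox_base_url.rstrip('/')}/auth/callback/{idp.get('id', '')}"
    if registered_redirect_uri != expected:
        problems.append(f"redirect_uri: AD FS has {registered_redirect_uri}, expected {expected}")
    return problems

# Constructed sample: token endpoint on http and the secret still templated.
SAMPLE = {
    "id": "adfs", "resourceType": "IdentityProvider", "scopes": ["profile", "openid"],
    "authorize_endpoint": "https://adfs.example.com/adfs/oauth2/authorize/",
    "token_endpoint": "http://adfs.example.com/adfs/oauth2/token/",
    "userinfo_endpoint": "https://adfs.example.com/adfs/userinfo",
    "userinfo-source": "id-token",
    "client": {"id": "constructed-client-id", "secret": "<your client secret>"},
}

if __name__ == "__main__":  # redirect URI below is constructed, with a stray trailing slash
    print("\n".join(check_identity_provider(
        SAMPLE, "https://aidbox.example.com/auth/callback/adfs/", "https://aidbox.example.com")))
```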
To log in to Aidbox with AD FS:
1. Open the Aidbox front page
2. Press the Login with AD FS on Prem button
3. Enter your domain credentials on the AD FS login page

The user is then redirected back to Aidbox, and Aidbox logs the user in.