Connect ADFS On Premises to Ronspot

What is ADFS?

Active Directory Federation Services, or ADFS, is a Windows operating system feature that allows users to share their identity data inside and outside of Microsoft’s network. It authenticates your credibility using your username and password registered with Microsoft.

In the case of ADFS and Ronspot, it will allow company employees to login to the Ronspot system using their Microsoft credentials, thus not requiring a dedicated username and password.

How is ADFS setup to connect to Ronspot?

Ronspot uses the SAML setup for ADFS. The client needs to provide the following information to their technical contact at Ronspot. This information will be sourced from the clients own ADFS account.

  1. Entity ID: This is the global, unique ID for the SAML entity.
  2. Single Sign-on URL: The URL to use when performing the primary authentication.
  3. ADFS Certificate: This certificate file must be in .crt format and must be sent to your Ronspot technical contact.
  4. Single Logout URL: This is optional, but can be used to redirect the employee when they logout of Ronspot.

Once the above are sent to Ronspot and setup for the customer then the following URL’s need to be added into the customers ADFS account:

1) Single Sign On URL – The location where the SAML assertion is sent with a HTTP POST. This is often referred to as the SAML Assertion Consumer Service (ACS) URL for your application
2) Recipient URL  – The location where the application may present the SAML assertion. This is usually the same location as the Single Sign-On URL
3) Audience URI – SP Entity ID – The application-defined unique identifier that is the intended audience of the SAML assertion. This is most often the SP Entity ID of the application
4) Destination URI – Identifies the location where the SAML response is intended to be sent inside of the SAML assertion. This is useful to prevent malicious forwarding of responses to unintended recipients. This should be the same location as the Single Sign-On URL unless your application explicitly defines a specific value

XAML Attribute

In your organisation ADFS account you need to share the following user attributes with Ronspot as these are required to run the service.

NOTE: The attributes needs to be setup in the exact format as below. For example the email attribute must be set up as user.email and not user-email.

<saml:Attribute Name=”user.email” NameFormat=”urn:oasis:names:tc:SAML:2.0:attrname-format:basic”><saml:AttributeValue xsi:type=”xs:string”>john.doe@example.com</saml:AttributeValue></saml:Attribute>

<saml:Attribute Name=”user.lastName” NameFormat=”urn:oasis:names:tc:SAML:2.0:attrname-format:basic”><saml:AttributeValue xsi:type=”xs:string”>Doe</saml:AttributeValue></saml:Attribute>

<saml:Attribute Name=”user.firstName” NameFormat=”urn:oasis:names:tc:SAML:2.0:attrname-format:basic”><saml:AttributeValue xsi:type=”xs:string”>John</saml:AttributeValue></saml:Attribute>

<saml:Attribute Name=”user.id” NameFormat=”urn:oasis:names:tc:SAML:2.0:attrname-format:basic”><saml:AttributeValue xsi:type=”xs:string”>123XYZ456</saml:AttributeValue></saml:Attribute>

 

 

Menu