This guide covers the configuration of a Relying Party Trust in AD FS and the corresponding configuration in ResourceXpress. It does not cover the installation or initial configuration of AD FS.
If you intend to restrict access to ResourceXpress to a specific set of users, create a suitable Active Directory security group before proceeding with the AD FS configuration.
## Enable Forms Authentication in AD FS

1. Open the AD FS Management utility on your AD FS server.
2. In the left pane, right-click Authentication Methods and select Edit Primary Authentication Methods…
3. Ensure Forms Authentication is selected.
## Create a Relying Party Trust in AD FS

### Initial Configuration

1. Open the AD FS Management utility on your AD FS server.
2. In the left pane, right-click Relying Party Trusts and select Add Relying Party Trust…
3. On the initial screen select the Claims aware option, then click Start.
4. On the Select Data Source screen select the option Import data about the relying party from a file, then click Browse… (The application SP Metadata file is obtained from ResourceXpress; see the separate instructions for downloading it.)
5. Locate the SP Metadata file downloaded from ResourceXpress and click Next >.
6. Enter a suitable display name, e.g. ResourceXpress, add optional Notes regarding the application, then click Next >.
7. On the Choose Access Control Policy page select the option Permit specific group, then click the <parameter> link in the Policy window.
8. In the pop-up Select Groups window click Add…, then browse for and add the security group(s) that will have access to ResourceXpress.
9. Once added, click Next > to proceed to the Ready to Add Trust window and click Next > again to save the configuration. The new trust appears in the Relying Party Trusts main window.
### Configuring Attributes

1. Right-click the newly created trust and select Edit Claim Issuance Policy…, then click Add Rule… in the pop-up window.
2. In the Choose Rule Type window, open the Claim rule template: drop-down, select Send LDAP Attributes as Claims, then click Next >.
3. Give the rule a suitable name and select Active Directory as the Attribute store:

The following tables list the three required claims and two optional claims for RFID and Access Code. Configure the optional claims if you intend to make authenticated instant bookings on Room Screen devices and/or you will not be enabling SSO for the mobile Kiosk/Maps features.
#### Required Claims

| LDAP Attribute | Outgoing Claim Type |
|---|---|
| E-Mail-Address | |
| Given-Name | firstname |
| Surname | lastname |
#### Optional Claims

| LDAP Attribute | Outgoing Claim Type |
|---|---|
| <custom-attribute>, e.g. Employee-ID | rfid |
| <custom-attribute>, e.g. Employee-Number | accesscode |

Once you have configured the claims, click OK and then Apply.

You have successfully configured AD FS.
## Configuring ResourceXpress

### Obtaining the IdP Metadata file

Once you have configured AD FS for SSO you will need to download the IdP Metadata file for use in ResourceXpress. To obtain this file, browse to the URL below, replacing <ADFS-ServerName> with the FQDN of your AD FS server:

`https://<ADFS-ServerName>/FederationMetadata/2007-06/FederationMetadata.xml`

Download the file to a suitable location.
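The AD FS steps above, scripted as an added example that is not part of the ResourceXpress guide: it creates the trust from the SP metadata, attaches the LDAP-attributes claim rule, restricts access to the security group, then downloads the IdP metadata and prints its entityID and signing-certificate thumbprint so the file can be sanity-checked before it is loaded into ResourceXpress. File paths, group name, FQDN, the e-mail claim type placeholder and the `GroupParameter` key are assumptions.

```powershell
# Added example, not part of the ResourceXpress guide. Run in an elevated
# PowerShell session on the AD FS server (Windows Server 2016 or later, which
# provides access control policies). Paths, group name and FQDN are assumed.
Import-Module ADFS

$spMetadata = 'C:\Temp\ResourceXpress-SPMetadata.xml'   # assumed: SP metadata exported from ResourceXpress
$rpName     = 'ResourceXpress'
$adGroup    = 'CONTOSO\ResourceXpress-Users'            # assumed: security group created beforehand
$adfsFqdn   = 'adfs.contoso.example'                    # assumed: FQDN of this AD FS server

# Equivalent of the "Send LDAP Attributes as Claims" rule from the guide.
# LDAP names: mail, givenName, sn (required); employeeID / employeeNumber stand
# in for the custom RFID and access-code attributes. The guide does not state
# the outgoing claim type for E-Mail-Address, so a placeholder is used.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "ResourceXpress attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("<EMAIL-CLAIM-TYPE>", "firstname", "lastname", "rfid", "accesscode"),
          query = ";mail,givenName,sn,employeeID,employeeNumber;{0}",
          param = c.Value);
'@

# Import the SP metadata, attach the claim rule and restrict access to the group.
# The "Permit specific group" policy takes its group list via the GroupParameter
# key (assumed to be the policy's parameter name).
Add-AdfsRelyingPartyTrust -Name $rpName -MetadataFile $spMetadata `
    -Notes 'ResourceXpress room and desk booking (SAML SSO)' `
    -IssuanceTransformRules $rules `
    -AccessControlPolicyName 'Permit specific group' `
    -AccessControlPolicyParameters @{ GroupParameter = @($adGroup) }

# Verify the trust was created with the expected policy and rules.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, Enabled, AccessControlPolicyName, IssuanceTransformRules

# Fetch the IdP metadata ResourceXpress needs and show the entityID and the
# signing certificate thumbprint, so you can confirm the right issuer is what
# ResourceXpress will end up trusting.
$idpFile = Join-Path $env:TEMP 'FederationMetadata.xml'
Invoke-WebRequest -Uri "https://$adfsFqdn/FederationMetadata/2007-06/FederationMetadata.xml" -OutFile $idpFile
[xml]$md = Get-Content $idpFile
$md.EntityDescriptor.entityID
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    [Convert]::FromBase64String($md.EntityDescriptor.Signature.KeyInfo.X509Data.X509Certificate))
$cert.Thumbprint
```

Compare the printed thumbprint against the token-signing certificate shown under Service > Certificates in AD FS Management before uploading the file to ResourceXpress.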
### Application Configuration

Log in to ResourceXpress with a local administrator account and navigate to Administration Settings - System Settings, then select the SSO Settings tab.