
SAML 2.0 Authentication with Azure SSO?

Hello all,

Has anyone been able to successfully set up SAML 2.0 Authentication in WHD with Azure AD SSO? I know Azure AD is SAML 2.0 compliant, but the information requested by WHD and by Microsoft Azure doesn't align, and I have not been able to get it working.

Hoping someone here has done this before and can save me some time and hassle.

Thanks,

Craig

  • Here are the settings I used.

    In Azure

    1. In Azure, use the "Add application" button and then select the "Non-gallery application" button.
    2. In the Single Sign-on section, select "SAML-based Sign-on" for the Single Sign-on Mode
    3. Check the "Show advanced URL settings" checkbox.
    4. In the Identifier, Reply URL and Sign on URL fields enter https://<your WHD domain>/helpdesk/WebObjects/Helpdesk.woa
    5. In the User Attributes section, choose "ExtractMailPrefix()" for User Identifier and "user.mail" for Mail.
    6. Download the certificate (create if needed) and the Metadata XML files
    7. Assign at least one user to the application for use in testing SSO logins.

    In WHD

    1. Under Settings -> General -> Authentication, Select SAML 2.0 from the Authentication Method drop-down
    2. Upload the certificate you downloaded from Azure to the "Verification Certificate" field.
    3. Open the XML file you downloaded and scroll to the very end of the file. Just before the end of the file you will find a URL, https://login.microsoftonline.com/<your identifier>/saml2, where "<your identifier>" will be your unique ID.
    4. Copy this URL from the XML file and paste it into the "Sign-in page URL" field
    5. Check the "Show Password Settings" checkbox.
    6. In the "Logout URL" field, paste the following URL: https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0
    7. Click Save and you should be done. :)
  • Thanks for this information. Is it possible to use LDAP and SAML side-by-side to allow users who are not in the connected AzureAD tenant to log in using their company credentials?

  • I don't think so. If you are using AzureAD for your login, they have to be within this tenant or multiple trusted tenants. You will need to use a third-party SAML like Okta which can validate against multiple sources.
