For what it's worth, I was able to get this working. Staff are able to login via Azure SSO and I have a tile in the Office365 apps portal.
I would be interested to know how you achieved this or whether you could give some insight on the alignment of options in WHD to Azure AD SSO.
Thanks in advance
I would also be very interested in learning how you were able to get this working.
Here are the settings I used.
- In Azure, use the "Add application" button and then select the "Non-gallery application" button.
- In the Single Sign-on section, select "SAML-based Sign-on" for the Single Sign-on Mode
- Check the "Show advanced URL settings" checkbox.
- In the Identifier, Reply URL and Sign on URL fields enter https://<your WHD domain>/helpdesk/WebObjects/Helpdesk.woa
- In the User Attributes section, choose "ExtractMailPrefix()" for User Identifier and "user.mail" for Mail.
- Download the certificate (create if needed) and the Metadata XML files
- Assign at least one user to the application for use in testing SSO logins.
- Under Settings -> General -> Authentication, Select SAML 2.0 from the Authentication Method drop-down
- Upload the certificate you downloaded from Azure to the "Verification Certificate" field.
- Open the XML file you downloaded and scroll to the very end of the file. Just before the end of the file you will find a URL, https://login.microsoftonline.com/<your identifier>/saml2, where "<your identifier>" will be your unique ID.
- Copy this URL from the XML file and paste it into the "Sign-in page URL" field
- Check the "Show Password Settings" checkbox.
- In the "Logout URL" field, paste the following URL: https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0
- Click Save and you should be done
This was super easy to follow and helpful. One minor change:
Azure Step 5. In User Attributes & Claims, change "nameidentifier" to 'Source attribute' = user.onpremisessamaccountname
WHD uses SAM Account for 'User Name', which has a char limit of 20. "ExtractMailPrefix(user.mail)" will return values greater than 20 chars, which won't map to the WHD user in rare cases of users with longer names.