2 Replies Latest reply on Jan 31, 2014 5:39 AM by conners

    WebHelpDesk SSO using ADFS 2.0 & SAML 2.0

    bleitson

      I am attempting to get SSO working for WebHelpDesk using ADFS 2.0 and I am unable to get the authentication to work properly.


      Information about our setup:

      WebHelpDesk 12.0.0 Hotfix 1

      WebHelpDesk Server is encrypted with an SSL Certificate from GoDaddy

      ADFS Server is encrypted with an SSL Certificate from GoDaddy


      When anyone accesses the WebHelpDesk, it redirects them to our ADFS Server correctly, appears to authenticate them correctly, but when it passes the token back to WebHelpDesk, they are not logged in. They are presented with a standard WebHelpDesk login screen.


      As of now, I have the "Signature" for the RP settings using the "ADFS Signing" certificate generated by the ADFS Server. The "Encryption" for the RP Settings is using the SSL Certificate from GoDaddy that is securing the IIS website and the "Service Communications".

      The WebHelpDesk is using the "ADFS Signing" certificate generated by the ADFS Server.


      Because the WebHelpDesk is redirecting users to the ADFS Server, which appears to be authenticating correctly, I believe my issue lies somewhere with the Token-Signing & Token-Decrypting Certificates, but I am not 100% sure of that.


      Any help would be GREATLY appreciated.

        • Re: WebHelpDesk SSO using ADFS 2.0 & SAML 2.0
          winuxguy

          Hi,


          Try the following:


          1. Do not set anything in the Signature nor Encryption tabs of the RP settings

          2. In your ADFS server, export the "Token-signing" certificate and use that for the Verification certificate in "Setup > General > Authentication"


          Then for the logout if you'd like to use that too:

          0. Open ADFS Management

          1. Click on Relying Party Trust

          2. Select your WHD Relying Party Trust (in your case, ihelp)

          3. Select Endpoint tab

          4. Add a new one

          5. Select SAML Logout; POST; URL "https://<ADFS_Server_IP/domain_name>/adfs/ls/?wa=wsignout1.0", and save changes.


          Use the same logout URL in WHD.

          • Re: WebHelpDesk SSO using ADFS 2.0 & SAML 2.0
            conners

            The bit that you are missing is the issuance transform rule in ADFS on the RP trust, as a claim rule: create one using AD as the source and change SAM-Account-Name to NameID.
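The two replies above describe three pieces of ADFS-side configuration: exporting the Token-signing certificate for WHD's verification certificate (winuxguy's step 2), adding a SAML logout endpoint on the RP trust (winuxguy's logout steps), and the issuance transform rule that maps SAM-Account-Name to NameID (conners' reply). The following PowerShell script is an added example of doing all three with the ADFS 2.0 cmdlets, not code from the thread or from SolarWinds. It assumes the `Microsoft.Adfs.PowerShell` snap-in is available on the ADFS server, that the RP trust is named `ihelp` as in the thread, and that `adfs.example.com` and `C:\temp` are placeholders you replace with your own ADFS host name and export path.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session on the ADFS 2.0 server.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$RpName   = "ihelp"             # RP trust display name, as mentioned in the thread
$AdfsHost = "adfs.example.com"  # placeholder: your ADFS federation service FQDN
$CerPath  = "C:\temp\adfs-token-signing.cer"  # placeholder export path

# 1. Export the primary Token-Signing certificate (public key only, DER .cer).
#    This is the file to upload as the Verification certificate in WHD
#    (Setup > General > Authentication); the SSL/service-communications cert is NOT used there.
$signing = Get-ADFSCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
$der     = $signing.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($CerPath, $der)
Write-Host "Token-signing thumbprint (compare with what WHD shows after upload): $($signing.Thumbprint)"

# 2. Issuance transform rule: look up sAMAccountName in AD for the authenticated
#    Windows account and issue it as the SAML NameID claim.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "SAM-Account-Name to NameID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";sAMAccountName;{0}", param = c.Value);
'@
Set-ADFSRelyingPartyTrust -TargetName $RpName -IssuanceTransformRules $rules

# 3. Add a SAML Logout endpoint (POST binding) to the RP trust, keeping existing endpoints.
#    The URL is the one given in the thread; the same URL is then entered as the logout URL in WHD.
$rp     = Get-ADFSRelyingPartyTrust -Name $RpName
$logout = New-ADFSSamlEndpoint -Binding POST -Protocol SAMLLogout -Uri "https://$AdfsHost/adfs/ls/?wa=wsignout1.0"
Set-ADFSRelyingPartyTrust -TargetName $RpName -SamlEndpoint (@($rp.SamlEndpoints) + $logout)

# 4. Review the result: the rule text and the endpoint list now attached to the RP trust.
$rp = Get-ADFSRelyingPartyTrust -Name $RpName
$rp.IssuanceTransformRules
$rp.SamlEndpoints | Format-Table Binding, Protocol, Location -AutoSize
```

After running this, leave the Signature and Encryption tabs of the RP trust empty as winuxguy suggests, upload the exported `.cer` in WHD, and compare the thumbprint printed in step 1 with the one WHD displays; a mismatch there is the usual reason a SAML response that ADFS issued correctly is still rejected by the relying party.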