ADFS can be configured to work with Projector's Single Sign On feature. This page walks you through a general configuration and assumes that the AD FS 2.0 snap-in is already installed and configured for your organization.
To use ADFS with Projector, you need the following components.
Steps to add Projector as a relying party trust.
Go to ADFS | Trust Relationships | Relying Party Trust and choose Add Relying Party Trust.
This starts the configuration wizard. Click Start.
Choose Enter data about the relying party manually
Set Display Name to ProjectorPSA
Choose the radio button for AD FS profile
Click Next
Tick the checkbox for Enable support for the SAML 2.0 WebSSO protocol. In the URL field enter your ACS URL. It will be in the format:
https://app.projectorpsa.com/Saml2Assert/YourAccountCode
Your account code is visible by logging into Management Portal and looking at the lower left corner of the application. Alternatively, you can ask Projector support for your ACS URL.
Enter ProjectorPSA. Click Add.
Choose the radio button for I do not want to configure multi-factor authentication settings for this relying party trust at this time
Choose the radio button Permit all users to access this relying party
No changes are necessary here. Click tabs to review your settings.
Tick the checkbox Open the Edit Claim Rules dialog for this relying party trust when the wizard closes
After completing the wizard for adding a relying party trust, you'll end up here to create your claim rules. You can also reach this editor by going to the AD FS snap-in | Trust Relationships | Claims Provider Trusts.
You'll need to set up two claim rules to process incoming and outgoing requests.
Follow these steps to create your first claim rule.
Follow these steps to create your second claim rule.
Save your X.509 certificate to file.
Go to AD FS | Service | Endpoints. Copy the SAML 2.0/WS-Federation URL. If you chose the defaults for the installation, this will be your domain, ending in /adfs/ls/.
Log into /wiki/spaces/dev/pages/10028249 and on the Integration tab enter your endpoint URL and upload your X.509 certificate. You'll likely need your Projector Administrator to do this for you.
As SHA-1 has known security vulnerabilities, Projector recommends using SHA-256. You can check your algorithm by going to AD FS | Trust Relationships | Relying Party Trusts | ProjectorPSA and going to the Advanced subtab.
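The same check can be scripted on the AD FS server. The following is an added example, not part of Projector's documentation: it audits the ProjectorPSA trust for the signature algorithm, the assertion consumer URL entered in the wizard, and token-signing certificate expiry. It assumes the ADFS PowerShell module (Windows Server 2012 R2 or later), that the certificate uploaded to Projector is the token-signing certificate, and a 30-day warning window chosen for illustration.

```powershell
# Added example, not Projector's or Microsoft's own script.
# Assumes the ADFS module (Windows Server 2012 R2+) and the display name used on this page.
Import-Module ADFS

$TrustName = 'ProjectorPSA'
$Sha256Uri = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
$AcsPrefix = 'https://app.projectorpsa.com/Saml2Assert/'   # ACS URL format given above
$WarnDays  = 30                                            # assumed expiry warning window

$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $trust) { throw "Relying party trust '$TrustName' not found." }

$findings = @()

# 1. Signature algorithm (SHA-1 shows up as http://www.w3.org/2000/09/xmldsig#rsa-sha1).
if ($trust.SignatureAlgorithm -ne $Sha256Uri) {
    $findings += "SignatureAlgorithm is '$($trust.SignatureAlgorithm)', expected SHA-256"
}

# 2. Assertions should only be posted to the HTTPS Projector ACS URL.
$acs = @($trust.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' })
if ($acs.Count -eq 0) { $findings += 'No SAML assertion consumer endpoint is configured' }
foreach ($ep in $acs) {
    $location = [string]$ep.Location
    if (-not $location.StartsWith($AcsPrefix, [StringComparison]::OrdinalIgnoreCase)) {
        $findings += "Unexpected assertion consumer URL: $location"
    }
}

# 3. Token-signing certificates (assumed to be the X.509 certificate uploaded to Projector).
#    Projector holds a copy, so a renewed certificate must be uploaded again.
foreach ($c in Get-AdfsCertificate -CertificateType Token-Signing) {
    $cert = $c.Certificate
    if ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays)) {
        $findings += "Certificate $($cert.Thumbprint) expires $($cert.NotAfter.ToString('u'))"
    }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
    # To switch the trust to SHA-256:
    # Set-AdfsRelyingPartyTrust -TargetName $TrustName -SignatureAlgorithm $Sha256Uri
} else {
    Write-Output "$TrustName trust: no findings."
}
```

Run it in an elevated PowerShell session on the AD FS server; it only reads configuration unless you uncomment the `Set-AdfsRelyingPartyTrust` line.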
See the Users section of this help page for instructions on configuring test users.
Single Sign On (SSO) Implementation Guide#ConfigureUsers
In the event that your ADFS configuration is not working, you can use our troubleshooting tool to view the SAML request and response. This will likely identify any outstanding issues.