Configuring Disconnected Scanning for AD FS

Platform: OnBase
Product: Legacy Authentication Methods
Release: Foundation 23.1
License: Standard, Essential, Premier

In order to configure Disconnected Scanning to use AD FS authentication, you must first set up the OnBase Web and Application Servers to use AD FS.

To configure Disconnected Scanning to use AD FS authentication:

  1. Open the disconnectedscan.exe.config file in a plain-text editor.
    Note: Do not use a binary-text editor, such as Microsoft Word, to edit the Web.config file.

  2. In the configSections element, uncomment the Hyland.Authentication section, if it is not already uncommented:
    <section name="Hyland.Authentication" type="Hyland.Authentication.Configuration.AuthenticationConfigurationSection, Hyland.Authentication" />
  3. Uncomment the system.web element, if it is not already uncommented:

    <system.web>
      <webServices>
        <soapExtensionTypes>
          <add type="Hyland.Authentication.ADFS.CustomCanvasADFSAuthSoapExtension, Hyland.Authentication" />
        </soapExtensionTypes>
      </webServices>
    </system.web>

  4. Uncomment the Hyland.Authentication element, if it is not already uncommented:

    <Hyland.Authentication>
      <adfs enabled="true" logClientEventsToEventLog="true">
        <wsTrust forceNTLM="false">
          <adfsEndpointAddress></adfsEndpointAddress>
          <securityMode>Transport</securityMode>
          <trustVersion>WSTrustFeb2005</trustVersion>
          <appliesTo></appliesTo>
        </wsTrust>
      </adfs>
    </Hyland.Authentication>

  5. Set the attributes of the adfs element to the following values:
    • enabled: true

    • logClientEventsToEventLog: true

  6. Set the forceNTLM attribute of the wsTrust element to true or false.
    • true: Authentication through the Application Server is done using an AD FS proxy server that is not directly joined to the domain.

    • false: Authentication through the Application Server is done directly with an internal AD FS server.

  7. Set the value of the adfsEndpointAddress element to the address on the AD FS server for the 2005 transport endpoint. For example:

    https://adfsserver.domain.com/adfs/services/trust/2005/windowstransport

    (where adfsserver.domain.com is replaced with the address specific to your AD FS server).

  8. Set the value of the securityMode element to Transport.
  9. Set the value of the trustVersion element to WSTrustFeb2005.
  10. Set the value of the appliesTo element to match the audienceUris value in the web.config file of the OnBase Web Server. For example: https://mydomain.com/AppNet/ (where mydomain.com is replaced with the server hosting the Web Server).
    Note: The appliesTo address must end with a trailing forward slash: /

  11. Save and close the disconnectedscan.exe.config file.
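
The settings from steps 2 through 10 can be checked before the file is deployed. The following Python script is an added example, not Hyland code: check_adfs_config and its audience_uri parameter are hypothetical names, the sample configuration is constructed, and the test for https plus a /trust/2005/ path on adfsEndpointAddress is an assumption taken from the example address in step 7.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
SOAP_EXT = "Hyland.Authentication.ADFS.CustomCanvasADFSAuthSoapExtension"

def check_adfs_config(xml_text, audience_uri=None):
    """Return the problems found in disconnectedscan.exe.config content; [] means it passes."""
    root = ET.fromstring(xml_text)  # comments are skipped, so commented-out elements read as missing
    problems = []
    if not any(s.get("name") == "Hyland.Authentication" for s in root.findall("configSections/section")):
        problems.append("configSections: Hyland.Authentication section missing or commented out")
    if not any(a.get("type", "").startswith(SOAP_EXT)
               for a in root.findall("system.web/webServices/soapExtensionTypes/add")):
        problems.append("system.web: AD FS SOAP extension missing or commented out")
    adfs = root.find("Hyland.Authentication/adfs")
    ws = adfs.find("wsTrust") if adfs is not None else None
    if ws is None:
        return problems + ["Hyland.Authentication: adfs/wsTrust missing or commented out"]
    for attr in ("enabled", "logClientEventsToEventLog"):
        if adfs.get(attr) != "true":
            problems.append(f"adfs {attr} must be true")
    if ws.get("forceNTLM") not in ("true", "false"):
        problems.append("wsTrust forceNTLM must be true or false")
    for tag, want in (("securityMode", "Transport"), ("trustVersion", "WSTrustFeb2005")):
        if (ws.findtext(tag) or "").strip() != want:
            problems.append(f"{tag} must be {want}")
    endpoint = urlsplit((ws.findtext("adfsEndpointAddress") or "").strip())
    # Assumption: https and a /trust/2005/ path, as in the page's example address.
    if endpoint.scheme != "https" or "/adfs/services/trust/2005/" not in endpoint.path:
        problems.append("adfsEndpointAddress is not an https AD FS 2005 endpoint")
    applies_to = (ws.findtext("appliesTo") or "").strip()
    if not applies_to.endswith("/"):
        problems.append("appliesTo must end with a trailing forward slash")
    if audience_uri is not None and applies_to != audience_uri:
        problems.append("appliesTo does not match the Web Server audienceUris value")
    return problems

# Constructed sample: system.web is still commented out and appliesTo lacks the trailing slash.
SAMPLE = """<configuration>
<configSections><section name="Hyland.Authentication" type="Hyland.Authentication.Configuration.AuthenticationConfigurationSection, Hyland.Authentication" /></configSections>
<!-- <system.web><webServices><soapExtensionTypes><add type="Hyland.Authentication.ADFS.CustomCanvasADFSAuthSoapExtension, Hyland.Authentication" /></soapExtensionTypes></webServices></system.web> -->
<Hyland.Authentication><adfs enabled="true" logClientEventsToEventLog="true"><wsTrust forceNTLM="false">
  <adfsEndpointAddress>https://adfsserver.domain.com/adfs/services/trust/2005/windowstransport</adfsEndpointAddress>
  <securityMode>Transport</securityMode><trustVersion>WSTrustFeb2005</trustVersion>
  <appliesTo>https://mydomain.com/AppNet</appliesTo>
</wsTrust></adfs></Hyland.Authentication>
</configuration>"""

if __name__ == "__main__":
    print(check_adfs_config(SAMPLE, audience_uri="https://mydomain.com/AppNet/"))
```

Pass the audienceUris value copied from the Web Server's web.config as audience_uri so that the appliesTo comparison in step 10 is exact, including the trailing slash.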