Configuring the Application Server for AD FS - Legacy Authentication Methods - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Essential - Premier - Standard - external - Standard - Essential - Premier

Legacy Authentication Methods

Platform
OnBase
Product
Legacy Authentication Methods
Release
Foundation 23.1
License
Standard
Essential
Premier

To configure the OnBase Application Server for AD FS you must edit the Web.config file of the Application Server. The Web.config file can be edited using the Web Application Management Console. For complete details on using the Web Application Management Console, see the Web Application Management Console module reference guide.

Note:

The OnBase Application Server virtual directory should be configured for anonymous authentication since the identity of the user might not be within the domain of the server.

To configure the Application Server for AD FS:

  1. Create a backup copy of the Web.config file. This will allow you to easily rollback any changes you make.
  2. Launch the Web Application Management Console and ensure that the Application Server you are configuring is loaded.
  3. Select the ADFS Settings tab.
  4. Select Configure for ADFS from the Tools menu. This adds the required elements to the Web.config file and populates the default values.
  5. Ensure that ADFS Enabled is selected.
  6. Ensure that the value of Request Validation Mode is 2.0.
  7. Under the system.identityModel settings, update the following values to match your environment:
    • Audience URI: The value of the Relying Party Trust Identifier as configured on the AD FS server. This value must match exactly what the AD FS server has.

    • Trusted Issuer Thumbprint: The value of the thumbprint of the Token Signing Certificate.

    • Trusted Issuer Name: The value of the name of the Federation Service Identifier.

      Tip:

      The Trusted Issuer Thumbprint and Trusted Issuer Name values can be found in the Microsoft AD FS administration utility.

  8. Under the system.identityModel.services settings, update the following values to match your environment:
    • wsFederation Issuer: The value of the issuer attribute to your AD FS server.

    • wsFederation Realm: The value of the realm attribute. This must match exactly the Relying Party identifier as configured on the AD FS server.

    • Certificate X509FindType: The value of the attribute that the Certificate Find Value is referencing. Set this value to FindByThumbprint.

    • Certificate Find Value: The value of the thumbprint of the encryption certificate used when adding the relying party trust.

      Tip:

      The Certificate Find Value thumbprint can be found in the Microsoft AD FS administration utility. It is the same as the previous thumbprint value used in the Trusted Issuer Thumbprint field.

    • Certificate Store Location: The value that corresponds to where the certificate can be found. Possible values are CurrentUser and LocalMachine. The default value is LocalMachine.

    • Certificate Store Name: The value that corresponds to the store name where the referenced certificate can be found. The default value is My. Possible values are:

      • AddressBook

      • AuthRoot

      • CertificateAuthority

      • Disallowed

      • My

      • Root

      • TrustedPeople

      • TrustedPublisher

  9. Select Save from the File menu to save your changes, or press Ctrl + S on the keyboard.