OAuth 2.0 ADFS

Overview

To use ADFS with OAuth 2.0, you must first set up AppsAnywhere as a client in ADFS.

Active Directory Federation Services (ADFS) was introduced in Windows Server 2003 R2 to help organizations set up and participate in a standards-based identity federation.

Before You Begin

  1. Add a new OAuth ADFS form to this page
    (the process for adding a new SSO method is documented in the Single Sign-On Settings page)

 

Fill in the standard fields found on all SSO methods. A description of each of these is documented in the 'Fields Common to all Methods' section of the Single Sign-On Settings page.

In addition to these, you will need to complete the following fields.

Custom Fields

| Field Name | Description | Intended Value | Example |
|---|---|---|---|
| Login Behaviour | Determines how and when you want your users to be presented with the Azure login | "Manual Redirect" will add a "Login with Office 365" option to the standard login form. "Automatic Redirect" will automatically redirect any user that is not already logged in straight to the Office 365 login page for authentication. "Manual and Automatic Redirect" will offer both options to the user. | We imagine most customers will wish to use "Manual and Automatic Redirect" |
| Client ID | | The "Application ID" value that you made a note of when creating the App registration in Azure | 95a4e352-8ede-4422-9202-cec15b5edde4 |
| Client Secret | The authentication token that AppsAnywhere uses to communicate with Azure | The key you created against your App registration in Azure in the previous steps | pSfTi9sDpBcJ/RCbCf6z/bF2x391GD4cWrGFx1JiMjc= |
| Short Domain Name | The domain identifier for where user information can be found for users that authenticated with Azure | In order for AppsAnywhere to know which of your LDAP domains it should query for user information when they login through Azure, you should enter the short domain for your LDAP connection, ensuring that it matches one defined in AppsAnywhere | APPSANYWHERE |

 

Security


 

NOTES:

 

  • Verify certificates is set to TRUE by default
  • The CA certificate can be placed in /data/files/oauth2/ca.crt
    • If this file is there, it will be used
  • If one is not provided, the certificate presented by the ADFS server must be signed by a globally recognised CA (i.e. not self-signed, and not signed by an internal CA)
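
The trust rules in these notes can be checked before the method is enabled. The script below is an added example, not AppsAnywhere code: it verifies a saved ADFS certificate against the CA file when that file exists and against the system store otherwise, and it builds a throwaway internal CA to show both outcomes. The function names, the CN values and the use of the openssl CLI are assumptions of this example.

```shell
#!/bin/sh
# Added example (not AppsAnywhere code): preflight for the trust rules above.
CA_FILE=/data/files/oauth2/ca.crt   # path given in the Security notes

# trust_source [CA_FILE]: which trust anchor the notes say will be used.
trust_source() {
    if [ -f "${1:-$CA_FILE}" ]; then echo custom-ca; else echo system-store; fi
}

# verify_adfs_cert CERT_PEM [CA_FILE]: exit 0 if the saved ADFS certificate
# chains to the CA file when that file exists, otherwise to the system store.
# Note: openssl also consults its default store alongside -CAfile; the page
# does not say whether AppsAnywhere does the same.
verify_adfs_cert() {
    cert=$1
    ca=${2:-$CA_FILE}
    if [ -f "$ca" ]; then
        openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1
    else
        openssl verify "$cert" >/dev/null 2>&1
    fi
}

# make_constructed_pki DIR: throwaway internal CA plus a leaf certificate
# signed by it (constructed sample data; both CN values are placeholders).
make_constructed_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Internal CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=adfs.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
        -out "$dir/leaf.crt" 2>/dev/null
}
```

With the constructed PKI, verify_adfs_cert succeeds when the CA file is supplied and fails when it is absent, which is the internal-CA case the last note describes.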


 
