Installing and Configuring Adfs For Mesdp On Demand

The document provides a step-by-step guide for installing and configuring Active Directory Federation Services (AD FS) 2.0 to work with ManageEngine ServiceDesk Plus On-Demand. It outlines 49 steps for installing AD FS 2.0, configuring a relying party trust for zoho.com, editing claim rules, exporting certificates, and configuring forms authentication and a logout page.

Uploaded by

Deep Joy
Copyright
© Attribution Non-Commercial (BY-NC)

ZOHOCORP

Installing and configuring AD FS 2.0 to work with ManageEngine SDP On-Demand


Step by Step Guide
ManageEngine On-Demand 5/12/2011

This document contains the steps for installing and configuring AD FS 2.0 to work with ManageEngine ServiceDesk Plus On-Demand.

Step by Step Guide to installing and configuring AD FS 2.0 with ManageEngine SDP On-Demand

Note: Screenshots contain the following:
Verified primary domain name: pmp.com
AD FS 2.0 installed on system: pmp-w2k8

Double-click the downloaded ADFSSetup.exe. Click Next

Accept the License Agreement and click Next

Select 'Federation Server' and click Next

Click Next

'Un-Select' the checkbox 'Start the AD FS 2.0 ...' and then click 'Finish'

Go to C:\Program Files\Active Directory Federation Services 2.0 directory and edit the file Microsoft.IdentityServer.ServiceHost.exe.config using wordpad

Insert the line <generatePublisherEvidence enabled="false" /> as shown in the screenshot. Save and exit WordPad

Double click on FsConfigWizard.exe

Select Create a new Federation Service and click Next

Select Stand-alone Federation server and click Next

Federation Service name will be shown by default based on the SSL Certificate installed on the IIS Server. Click 'Next'

If the Delete database option is shown, select it and click 'Next'

Click Next

The Wizard will complete the configuration as shown below.

Go to Start Menu ---> Administrative Tools ---> AD FS 2.0 Management

Right-click on 'AD FS 2.0' and click 'Edit Federation Service Properties'

Edit the Federation Service name and identifier so that they do not contain any domain component. For example, we have removed the pmp.com domain component and have set the Federation Service name and identifiers to just pmp-w2k8

Right click on 'Trust Relationships' and click on 'Add Relying Party Trust'

Click 'Start'

Select Enter data about the relying party manually

Type the Display name as zoho.com. Click Next

Select AD FS 2.0 profile and click Next

Click Next

1. Select Enable support for the SAML 2.0 WebSSO protocol
2. Enter the Relying party SAML 2.0 SSO service URL as: https://accounts.zoho.com/samlresponse/<your_verified_primary_domain>
3. Click Next

1. Enter the Relying party trust identifier as zoho.com
2. Click Add

Click Next

Select Permit all users to access this Relying party and click Next

Click Next

Un-Select the Open the Edit Claim Rules... checkbox and click Close

Right-click on zoho.com and click Properties

Click the Advanced tab and change the Secure hash algorithm to SHA-1

Right-click on zoho.com and click Edit Claim Rules

In the Issuance Transform Rules tab click Add Rule

Select Send Claims Using a Custom Rule and click Next

Enter the Claim rule name as windowsaccountname. Copy and paste the following code and click Finish

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => add(store = "Active Directory",
        types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
        query = "sAMAccountName={0};mail;{1}",
        param = regexreplace(c.Value, "(?<domain>[^\\]+)\\(?<user>.+)", "${user}"),
        param = c.Value);

Again click Add Rule

Select Send Claims Using a Custom Rule and click Next

Enter the Claim rule name as email. Copy and paste the code below and click Finish

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Value = c.Value,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
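
How the windowsaccountname and email rules combine, as an added example that is not part of the original guide: the rule's regexreplace is modelled with .NET's Regex.Replace and Active Directory with a constructed dictionary. The class name, MailBySam and the sample accounts are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

static class ClaimRuleDemo
{
    // Same pattern and replacement as the windowsaccountname rule in the guide.
    const string Pattern = @"(?<domain>[^\\]+)\\(?<user>.+)";

    // Constructed stand-in for Active Directory: sAMAccountName -> mail.
    static readonly Dictionary<string, string> MailBySam =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "jdoe", "jdoe@pmp.com" },
            { "svc-backup", null }   // account without a mail attribute
        };

    // Rule 1: strip the domain part, then look up mail for that sAMAccountName.
    // If the value has no backslash the pattern does not match and
    // Regex.Replace returns the input unchanged.
    static string LookupMail(string windowsAccountName)
    {
        string user = Regex.Replace(windowsAccountName, Pattern, "${user}");
        string mail;
        return MailBySam.TryGetValue(user, out mail) ? mail : null;
    }

    // Rule 2: an emailaddress claim is re-issued as the NameID
    // (format emailAddress). Without that claim the rule never fires.
    static string IssueNameId(string windowsAccountName)
    {
        string mail = LookupMail(windowsAccountName);
        return string.IsNullOrEmpty(mail) ? null : mail;
    }

    static void Main()
    {
        // Constructed inputs: normal user, no mail attribute, unknown user,
        // and a value without a domain prefix.
        string[] samples = { @"PMP\jdoe", @"PMP\svc-backup", @"PMP\ghost", "jdoe" };
        foreach (string s in samples)
            Console.WriteLine("{0,-16} -> {1}", s,
                IssueNameId(s) ?? "(no NameID issued)");
    }
}
```

The relying party receives only the value of the mail attribute as the user's identity, so accounts with an empty mail attribute get no NameID.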

Go to Certificates node. Right-click on the Token-signing certificate and click Show Certificate

Click the Details tab and click Copy to File

Click Next

Select No, do not export the private key and click Next

Select Base-64 encoded X.509 (.CER) and click Next

Give a file name where the certificate will be exported. Click Next. This certificate is needed later during SAML configuration.

Click Finish

Edit web.config present in C:\inetpub\adfs\ls directory

Make sure Forms Authentication is configured as the first one in <localAuthenticationTypes> and then Save the file

Logout.aspx

1. Open Notepad
2. Copy and paste the following code
3. File ---> Save As ---> C:\inetpub\adfs\ls\Logout.aspx

<%@ Page Language="C#" %>
<% Response.CacheControl = "no-cache"; %>
<% Response.AddHeader("Pragma", "no-cache"); %>
<% Response.Expires = -1; %>
<%
    // End the forms-authentication session.
    FormsAuthentication.SignOut();

    // Expire every cookie the browser sent, scoped to the /adfs/ls path.
    int count = Request.Cookies.Count;
    for (int i = 0; i < count; i++)
    {
        System.Web.HttpCookie obj = Request.Cookies[i];
        obj.Expires = DateTime.Now.AddDays(-1);
        obj.Value = "";
        obj.Path = "/adfs/ls";
        Response.Cookies.Add(obj);
    }

    // Redirect to the URL passed in the serviceurl request parameter.
    string serviceURL = Request["serviceurl"];
    Response.Redirect(serviceURL);
%>
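
Logout.aspx passes the serviceurl request parameter directly to Response.Redirect. The following added example, which is not part of the original guide, shows one way to restrict the redirect target to known hosts before redirecting. The class name, the Fallback URL and the assumption that the relying party's logout return URL is on accounts.zoho.com (the only Zoho host named in the guide) are hypothetical and should be adjusted to the serviceurl values actually observed.

```csharp
using System;
using System.Collections.Generic;

static class LogoutRedirectGuard
{
    // Assumption: hosts the relying party uses for the post-logout serviceurl.
    static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "accounts.zoho.com" };

    // Hypothetical landing page used when serviceurl is missing or rejected.
    const string Fallback = "https://accounts.zoho.com/";

    public static string SafeTarget(string serviceUrl)
    {
        Uri uri;
        if (string.IsNullOrEmpty(serviceUrl)) return Fallback;
        // Relative or unparsable values are rejected outright.
        if (!Uri.TryCreate(serviceUrl, UriKind.Absolute, out uri)) return Fallback;
        if (uri.Scheme != Uri.UriSchemeHttps) return Fallback;
        // Compare the parsed host, never a substring of the raw string.
        if (!AllowedHosts.Contains(uri.Host)) return Fallback;
        return uri.AbsoluteUri;
    }

    static void Main()
    {
        // Constructed inputs; only the first one is returned unchanged.
        string[] samples =
        {
            "https://accounts.zoho.com/logout?x=1",
            "http://accounts.zoho.com/logout",
            "https://accounts.zoho.com.example.net/",
            "https://accounts.zoho.com@example.net/",
            "/relative/path",
            null
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-42} -> {1}", s ?? "(missing)", SafeTarget(s));
    }
}
```

In Logout.aspx the method can be placed in a <script runat="server"> block and the last statement changed to Response.Redirect(SafeTarget(Request["serviceurl"])).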
