To use ADFS with Media Manager, some configuration is required.
5.1 Prerequisites
To use the SAML 2.0 Protocol and ADFS (Active Directory Federation Services) with Media Manager (MM), the DAM Center (DC) that your MM uses must have ADFS enabled.
I suggest using an IDE like Notepad++ or Sublime for editing the web.config file. The following images are from Notepad++.
As the file has the extension ".config" and not ".xml", you'll need to manually change the language to XML.
5.2 Web.config
To enable ADFS with the SAML 2.0 Protocol for MM, you need to make some changes to the MM's web.config file, found in the root of the site folder.
5.2.1 ADFS SAML 2.0 Protocol config section
All of the following changes are made in the web.config file, around line 255, so scroll to the bottom.
In the supplied web.config (from the root of the website) there are some ADFS SAML 2.0 Protocol configs that need to be changed.
Add to <configSections>:
```xml
<section name="sustainsys.saml2" type="Sustainsys.Saml2.Configuration.SustainsysSaml2Section, Sustainsys.Saml2, Version=0.24.0.0, Culture=neutral, PublicKeyToken=f3f81a9c4b80e2ec" />
```
Add the following two to <modules>:
```xml
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
```
Add the following under <configuration>:
```xml
<system.identityModel>
  <identityConfiguration saveBootstrapContext="true"/>
</system.identityModel>
```
The SAML 2.0 Protocol specific settings can be added with the following (this is a sample; all configuration options are listed at https://github.com/Sustainsys/Saml2/blob/master/docs/Configuration.md):
```xml
<sustainsys.saml2 entityId="https://local.dev.digizuite.com/DAMUI/Saml2/Acs"
                  returnUrl="https://local.dev.digizuite.com/DAMUI/"
                  minIncomingSigningAlgorithm="SHA256"
                  authenticateRequestSigningBehavior="Never">
  <metadata cacheDuration="0:0:42" validDuration="7.12:00:00" wantAssertionsSigned="false">
    <organization name="Digizuite" displayName="Sustainsys" url="http://www.digizuite.com" language="da" />
    <contactPerson type="Other" email="bbl@digizuite.com" />
    <requestedAttributes>
      <add name="Minimal" />
    </requestedAttributes>
  </metadata>
  <identityProviders>
    <add entityId="http://adfs.digidom.dk/adfs/services/trust"
         signOnUrl="https://adfs.digidom.dk/adfs/ls/"
         allowUnsolicitedAuthnResponse="false"
         binding="HttpRedirect"
         loadMetadata="true"
         metadataLocation="https://adfs.digidom.dk/FederationMetadata/2007-06/FederationMetadata.xml">
      <signingCertificate storeName="My" storeLocation="LocalMachine" findValue="bcb69b53ff55993b14d8b7891251c5db6eb94542" x509FindType="FindByThumbprint" />
    </add>
  </identityProviders>
  <serviceCertificates>
    <add fileName="~/App_Data/Sustainsys.Saml2.Tests.pfx" />
  </serviceCertificates>
</sustainsys.saml2>
```
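The sample section above is a starting point, so it is worth checking a deployed web.config for settings that should not reach production. The following audit is an added example, not Digizuite or Sustainsys code; the check names and the filename heuristic for test certificates are assumptions of this example, and the embedded XML is a constructed, trimmed copy of the sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the sustainsys.saml2 section shown above.
SAMPLE = """<configuration>
  <sustainsys.saml2 entityId="https://local.dev.digizuite.com/DAMUI/Saml2/Acs"
                    returnUrl="https://local.dev.digizuite.com/DAMUI/"
                    minIncomingSigningAlgorithm="SHA256"
                    authenticateRequestSigningBehavior="Never">
    <metadata wantAssertionsSigned="false" />
    <identityProviders>
      <add entityId="http://adfs.digidom.dk/adfs/services/trust"
           signOnUrl="https://adfs.digidom.dk/adfs/ls/"
           allowUnsolicitedAuthnResponse="false" loadMetadata="true"
           metadataLocation="https://adfs.digidom.dk/FederationMetadata/2007-06/FederationMetadata.xml" />
    </identityProviders>
    <serviceCertificates>
      <add fileName="~/App_Data/Sustainsys.Saml2.Tests.pfx" />
    </serviceCertificates>
  </sustainsys.saml2>
</configuration>"""

def audit_saml2(config_xml):
    """Return a list of (check_id, detail) findings for a web.config string."""
    saml = next(ET.fromstring(config_xml).iter("sustainsys.saml2"), None)
    if saml is None:
        return [("no-section", "sustainsys.saml2 section not found")]
    findings = []
    if "sha1" in saml.get("minIncomingSigningAlgorithm", "").lower():
        findings.append(("weak-sig-alg", "SHA-1 signatures are accepted"))
    meta = saml.find("metadata")
    if meta is None or meta.get("wantAssertionsSigned", "false").lower() != "true":
        findings.append(("assertions-unsigned", "metadata does not request signed assertions"))
    for idp in saml.findall("identityProviders/add"):
        name = idp.get("entityId", "?")
        if idp.get("allowUnsolicitedAuthnResponse", "").lower() == "true":
            findings.append(("unsolicited", name + " may send IdP-initiated responses"))
        for attr in ("signOnUrl", "metadataLocation"):  # endpoints fetched or redirected to
            if idp.get(attr, "").lower().startswith("http://"):
                findings.append(("cleartext-url", name + " " + attr + " is not HTTPS"))
    for cert in saml.findall("serviceCertificates/add"):
        # Heuristic (assumption): a file name containing "test" suggests a non-production key pair.
        if "test" in cert.get("fileName", "").lower():
            findings.append(("test-cert", cert.get("fileName") + " looks like a test key pair"))
    return findings

if __name__ == "__main__":
    for check_id, detail in audit_saml2(SAMPLE):
        print(check_id + ": " + detail)
```

Run against the sample, it reports the unsigned-assertions metadata setting and the `Sustainsys.Saml2.Tests.pfx` service certificate.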
In some instances it can be necessary to increase maxQueryStringLength to accommodate the SAML token being returned as a parameter from ADFS:
```xml
<requestFiltering>
  <requestLimits maxAllowedContentLength="2000000000" maxUrl="1638400" maxQueryString="1638400" />
</requestFiltering>
...
...
<httpRuntime maxRequestLength="2048000" executionTimeout="120000" requestValidationMode="2.0" maxUrlLength="16384" maxQueryStringLength="2048000" />
```