Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


To use ADFS with Media Manager, some configuration is required.

5.1 Prerequisites

In order to use ADFS with Media Manager, the DAM Center which Media Manager uses must have ADFS enabled.

5.2 Web.config

In the supplied web.config there is some AD FS parts that needs to be changed.

  • <allow users="*" /> —  should be removed
  • <!-- AD FS deny users="?" /--> — needs to be changed to <deny users="?"/>

Original:

Code Block
languagexml
<!-- Original -->    
	<authorization>
      <allow users="*" />
      <!-- ADFS deny users="?" /-->
    </authorization>

<!-- Changed-->

ADFS Enabled:

Code Block
languagexml
	<authorization>
      <deny users="?" />
    </authorization>


  • In the section trustedIssuers change the thumbprint to the correct thumbprints from Token-decryption and Token-signing.
  • Be aware that in some cases an unshown character might be copied with the thumbprint if you copy from Powershell. That need to be removed.
  • my-adfs.server.com should be replaced with the URL of the ADFS server to be used
Code Block
languagexml
        <trustedIssuers>
          <add thumbprint="FB041E751322F2D22A212F8B72101B175985CD24FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" name="http://my-adfs.server.com/adfs/services/trust" />
          <add thumbprint="5591CB331588959252502F9533783AEDED336BB2FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" name="http://my-adfs.server.com/adfs/services/trust" />
        </trustedIssuers>


  • In the section audienceUris make certain that all URLs where a user needs to be redirected to the ADFS server is noted. Normally only the main URL for the site Is needed here.
  • Replace mm.company.org with the URL of the Media Manager
Code Block
languagexml
      <audienceUris>
        <add value="https://mm.company.org" />
      </audienceUris>


  • In the section wsFederation change realm to the precise same as Relying party in the ADFS server.
Code Block
languagexml
      <wsFederation passiveRedirectEnabled="true" issuer="https://my-adfs.server.com/adfs/ls/" realm="https://mm.company.org" requireHttps="true" />


  • Replace dam.company.org with the URL to the DAM Center using ADFS
Code Block
languagexml
      <cookieHandler requireSsl="true" domain="dam.company.org" path="/" />


Table of Contents