Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

6.1 Web.config

In the supplied web.config there is some AD FS parts that needs to be changed.

  • <allow users="*" /> —  should be removed
  • <!-- AD FS deny users="?" /--> — needs to be changed to <deny users="?"/>
<!-- Original -->    
	<authorization>
      <allow users="*" />
      <!-- ADFS deny users="?" /-->
    </authorization>

<!-- Changed-->
	<authorization>
      <deny users="?" />
    </authorization>
  • In the section trustedIssuers change the thumbprint to the correct thumbprints from Token-decryption and Token-signing.
  • Be aware that in some cases an unshown character might be copied with the thumbprint if you copy from Powershell. That need to be removed.
  • my-adfs.server.com should be replaced with the URL of the ADFS server to be used
        <trustedIssuers>
          <add thumbprint="FB041E751322F2D22A212F8B72101B175985CD24" name="http://my-adfs.server.com/adfs/services/trust" />
          <add thumbprint="5591CB331588959252502F9533783AEDED336BB2" name="http://my-adfs.server.com/adfs/services/trust" />
        </trustedIssuers>


  • In the section audienceUris make certain that all URLs where a user needs to be redirected to the ADFS server is noted. Normally only the main URL for the site Is needed here.
  • Replace mm.company.org with the URL of the Media Manager
      <audienceUris>
        <add value="https://mm.company.org" />
      </audienceUris>


  • In the section wsFederation change realm to the precise same as Relying party in the ADFS server.
      <wsFederation passiveRedirectEnabled="true" issuer="https://my-adfs.server.com/adfs/ls/" realm="https://mm.company.org" requireHttps="true" />


  • Replace dam.company.org with the URL to the DAM Center using ADFS
      <cookieHandler requireSsl="true" domain="dam.company.org" path="/" />


  • No labels