Nectar DXP SSO with Microsoft ADFS
- 16 Feb 2024
Overview
This document provides specific information about configuring Nectar DXP SSO with Microsoft ADFS 2.0 and later. For more general information about enabling SSO in Nectar DXP, refer to Configure Nectar DXP for SSO. The procedure below is an example only; your specific requirements for ADFS configuration may vary.
Procedure
- From the Microsoft ADFS console, right-click on Relying Party Trusts and select Add Relying Party Trust...
- Select Claims aware and click Start.
- Select Import data about the relying party from a file, browse to the SAML configuration file downloaded from Nectar DXP, and click Next.
  If you receive an error message stating "This operation is not supported for a relative URI", the wizard has rejected the HTTP-Artifact endpoint in the file because its Location is a relative URI (see the example in step 3). Perform the following steps:
  1. Open the downloaded configuration file in a text editor such as Notepad.
  2. Search for "HTTP-Artifact". You should find it towards the end of the file.
  3. Remove the whole XML element containing "HTTP-Artifact", starting from "<md:AssertionConsumerService Binding" and ending with "index="1"/>". Remove only this element and leave the other AssertionConsumerService elements intact. Example of the element to remove:
     <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="nectar/saml/SSO" index="1"/>
  4. Save the file and import it into the ADFS wizard again. The error should not recur.
- Enter a Display name for the trust. The suggested name is "Nectar DXP". Click Next.
- Choose the access control policy appropriate for your organization, for example Permit everyone, or Permit specific group if you want ADFS itself to restrict who can reach Nectar DXP in addition to the role mapping configured later in Nectar DXP. Click Next.
- Review the final settings and click Next.
- Once complete, right click on the new Relying Party Trust for Nectar DXP and select Edit Claim Issuance Policy...
- Click on Add Rule...
- Select Send LDAP Attributes as Claims and click Next.
- Give the claim rule a name such as Default.
- Select Active Directory as the Attribute Store.
- In the first row, under LDAP Attribute, select User-Principal-Name; under Outgoing Claim Type, select Name ID. The user's UPN becomes the SAML NameID that identifies the user to Nectar DXP.
- In the next row, under LDAP Attribute, select Token-Groups - Unqualified Names; under Outgoing Claim Type, select Group. This issues one Group claim per group the user belongs to (including nested group membership), using the bare group name without a domain prefix. The group names Nectar DXP matches against in the role mapping below must therefore match these unqualified names exactly.
- Verify the two rows and click OK.
- Download a copy of your ADFS federation metadata file by navigating to https://<YourADFSServerName>/FederationMetadata/2007-06/FederationMetadata.xml in a browser. This should prompt you to save the file. Give it a memorable name and save it somewhere accessible. The metadata contains the ADFS token-signing certificate that Nectar DXP will use to validate assertion signatures, so download it over HTTPS from the ADFS server itself, and repeat this step and the upload below whenever the ADFS token-signing certificate is rolled over.
- In Nectar DXP, upload your federation metadata file using the Upload metadata button under the Identity Provider Service Configuration section.
- Under Additional Settings, enter the following in the SSO User Groups Attribute textbox. This is the outgoing claim type that the Group claim rule above issues: http://schemas.xmlsoap.org/claims/Group
- Under User Roles Mapping, select a Nectar DXP Tenant User Role on the left. The defaults are Administrator and ReadOnly. Additional roles can be defined if desired.
- Under External User Role, enter the name of the Active Directory group whose members should be allowed to log on to Nectar DXP with that role. Enter the group name exactly as it appears in Active Directory, without a domain prefix, because that is what the Group claim carries.
- Add additional role mappings as required.
- Finally, select the Enable SSO login checkbox and click UPDATE. Test the SSO login from a separate browser session before signing out of your current administrator session, so that a mistake in the claim rules or role mapping does not lock you out.
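The ADFS side of the procedure above (cleaning the SP metadata, creating the relying party trust, setting the two claim rules, and fetching the federation metadata for upload into Nectar DXP) can also be done from PowerShell with the ADFS module. The following is an added example and is not part of the original article or of Nectar's own tooling; the file paths, the trust name, the ADFS hostname adfs.example.com and the choice of the Permit everyone access control policy are assumptions for illustration.

```powershell
# Added example, not Nectar's code. Run in an elevated PowerShell session on the ADFS server.
# All paths, the hostname and the trust name below are assumptions; adjust for your environment.
Import-Module ADFS

$SpMetadataIn   = 'C:\Temp\nectar-sp-metadata.xml'        # SAML configuration file downloaded from Nectar DXP (assumed path)
$SpMetadataOut  = 'C:\Temp\nectar-sp-metadata.fixed.xml'  # cleaned copy that the ADFS wizard/cmdlet will accept
$IdpMetadataOut = 'C:\Temp\adfs-federation-metadata.xml'  # file to upload into Nectar DXP
$TrustName      = 'Nectar DXP'
$AdfsHost       = 'adfs.example.com'                      # assumed ADFS service hostname

# 1. Work around "This operation is not supported for a relative URI":
#    remove every AssertionConsumerService whose Binding is HTTP-Artifact
#    and leave the remaining endpoints untouched.
[xml]$sp = Get-Content -Path $SpMetadataIn -Raw
$ns = New-Object System.Xml.XmlNamespaceManager($sp.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$artifactNodes = $sp.SelectNodes(
    '//md:AssertionConsumerService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"]', $ns)
foreach ($node in @($artifactNodes)) {      # @() copies the live node list before mutating the tree
    [void]$node.ParentNode.RemoveChild($node)
}
$sp.Save($SpMetadataOut)

# 2. Create the relying party trust from the cleaned SP metadata.
#    'Permit everyone' is the most permissive built-in access control policy (ADFS 2016 and later);
#    substitute the policy your organisation requires. On ADFS 2012 R2 and earlier there are no
#    access control policies; use -IssuanceAuthorizationRules with a permit rule instead.
Add-AdfsRelyingPartyTrust -Name $TrustName `
    -MetadataFile $SpMetadataOut `
    -AccessControlPolicyName 'Permit everyone'

# 3. Claim issuance policy equivalent to the wizard steps:
#    User-Principal-Name -> Name ID, Token-Groups - Unqualified Names -> Group.
#    This is the claim rule language the "Send LDAP Attributes as Claims" template produces.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Default"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "http://schemas.xmlsoap.org/claims/Group"), query = ";userPrincipalName,tokenGroups;{0}", param = c.Value);
'@
Set-AdfsRelyingPartyTrust -TargetName $TrustName -IssuanceTransformRules $rules

# 4. Verify what ADFS will actually issue for this trust.
Get-AdfsRelyingPartyTrust -Name $TrustName | Select-Object Name, Enabled, IssuanceTransformRules

# 5. Download the ADFS federation metadata for upload into Nectar DXP, over HTTPS from the
#    ADFS server itself, and confirm it carries a token-signing certificate: that certificate
#    is what Nectar DXP will trust when validating assertion signatures.
Invoke-WebRequest -Uri "https://$AdfsHost/FederationMetadata/2007-06/FederationMetadata.xml" -OutFile $IdpMetadataOut
[xml]$idp = Get-Content -Path $IdpMetadataOut -Raw
$signingCerts = @($idp.EntityDescriptor.IDPSSODescriptor.KeyDescriptor | Where-Object { $_.use -eq 'signing' })
"Token-signing certificates in federation metadata: $($signingCerts.Count)"
if ($signingCerts.Count -eq 0) { Write-Warning 'No signing KeyDescriptor found; Nectar DXP will not be able to validate assertions.' }
```

The claim rule issues the user's UPN as the SAML NameID and one Group claim per group in the user's token-groups (transitive membership, bare names). If a user belongs to many groups, the assertion grows accordingly; if you want to issue only the groups Nectar DXP maps to roles, replace the tokenGroups row with a rule that filters on specific group names. Step 5 only checks that a signing certificate is present; after an ADFS certificate rollover, repeat step 5 and re-upload the file in Nectar DXP.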