ADFS ID Provider
Contents
Authenticate your users using Active Directory Federation Services. This ID Provider uses the OAuth2 endpoint of your AD FS to authenticate users. It is compatible with ADFS 3.0 (Windows Server 2012 R2) and ADFS 4.0 (Windows Server 2016)
Configuration
-
On your AD FS server, create and configure a Relying Party Trust & an ADFS client
-
In your Enonic XP admin interface
-
In the admin tool "Applications", install the application "ADFS ID Provider" .
-
In the admin tool "Users", create an Id Provider and configure it to use the ADFS ID Provider.
-
clientId: ADFS Client ID
-
resource: Relying Party Trust identifier
-
-
-
In your Enonic Virtual Hosting configuration, modify the appropriate mappings so that your site or admin interface uses the user store you created.
# Use ADFS for a site mysite mapping.mysite.host = example.com mapping.mysite.source = / mapping.mysite.target = /site/default/master/mysite mapping.mysite.idProvider.adfs-idprovider = default
How to enable debug logging
Add the following to $XP_HOME/config/logback.xml and restart the server
<logger name="com.enonic.app.adfsidprovider" additivity="false">
<level value="DEBUG" />
<appender-ref ref="STDOUT"/>
<appender-ref ref="FILE"/>
</logger>