ADFS ID Provider

Contents

Authenticate your users using Active Directory Federation Services. This ID Provider uses the OAuth2 endpoint of your AD FS to authenticate users. It is compatible with ADFS 3.0 (Windows Server 2012 R2) and ADFS 4.0 (Windows Server 2016)

Configuration

  • On your AD FS server, create and configure a Relying Party Trust & an ADFS client

  • In your Enonic XP admin interface

    • In the admin tool "Applications", install the application "ADFS ID Provider" .

    • In the admin tool "Users", create an Id Provider and configure it to use the ADFS ID Provider.

      • clientId: ADFS Client ID

      • resource: Relying Party Trust identifier

Installation
  • In your Enonic Virtual Hosting configuration, modify the appropriate mappings so that your site or admin interface uses the user store you created.

    # Use ADFS for a site mysite
    mapping.mysite.host = example.com
    mapping.mysite.source = /
    mapping.mysite.target = /site/default/master/mysite
    mapping.mysite.idProvider.adfs-idprovider = default

How to enable debug logging

Add the following to $XP_HOME/config/logback.xml and restart the server

<logger name="com.enonic.app.adfsidprovider" additivity="false">
    <level value="DEBUG" />
    <appender-ref ref="STDOUT"/>
    <appender-ref ref="FILE"/>
</logger>

Contents