Active Directory Federation Service

Active Directory Federation Service (ADFS) enables single sign-on access to LogScale through Microsoft's Windows-based authentication system, requiring specific configuration of Relying Party Trust and SAML 2.0 WebSSO protocol settings. The integration process involves setting up LDAP attribute configurations, managing metadata XML, and handling certificate requirements, with different implementation steps for LogScale Cloud customers versus self-hosted installations.

ADFS is a software component from Microsoft that runs on Windows. It can provide users with single sign-on access to LogScale.

Prerequisites

Before continuing, make sure you have ADFS set up and that you have a role that allows you to modify ADFS. Membership in Administrators, or equivalent, is the minimum requirement.

Configure Active Directory Federation Service

To configure the ADFS for integration with LogScale:

  1. First add a new Relying Party Trust. Click Start then select Enter data about the relying party manually and click Next.

  2. In the Configure URL tab, enable support for the SAML 2.0 WebSSO protocol. Use http(s)://$YOUR_LOGSCALE_URL/api/v1/saml/acs.

  3. In the Configure Identifiers tab, add http(s)://$YOUR_LOGSCALE_URL/api/v1/saml/metadata. In the last tab, make sure to check Configure claims issuance policy for this application.

  4. In the new pop-up, add a rule with the rule type Send LDAP Attributes as Claims. In the table on the left side (LDAP attribute), select Email Addresses. Then, in the Outgoing claim type table select Name ID.

  5. Now, add another rule, also with the rule type Send LDAP Attributes as Claims. In the LDAP attribute table, select Is-Member-of:DL. In the Outgoing claim type table select Group.

  6. Download the federation metadata XML from this URL, replacing the host with your ADFS public address: https://<ADFSURL_PUBLIC_URL>/FederationMetadata/2007-06/FederationMetadata.xml

  7. From that metadata you will also need the entityID attribute of the EntityDescriptor (used as Idp Entity Id), the Location of the <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"> element (used as Sign on URL), and the X509Certificate value (used as Certificate in Base 64).

  8. If you have a self-hosted installation of LogScale, you need to save the certificate as a PEM file on the server.
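The three values from steps 6 to 8 are easy to misread by hand in a large, signed FederationMetadata.xml (ADFS publishes several SingleSignOnService bindings and both signing and encryption keys). The following script is an added example, not part of the LogScale documentation or the product: it parses the metadata with the standard library only, picks the HTTP-POST sign-on URL and the signing certificate, checks that the certificate decodes to DER, and writes it out as the PEM file a self-hosted installation needs. The embedded metadata and the certificate bytes in it are constructed for this example; the output file name adfs-signing.pem is an assumption.

```python
"""Added example: extract the LogScale SAML settings from ADFS metadata.

Not part of the LogScale docs. Uses only the standard library. The sample
metadata below is constructed; its certificate is a 5-byte DER stub, not a
real X.509 certificate.
"""
import base64
import binascii
import pathlib
import sys
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample. Real ADFS metadata also carries an XML signature and an
# encryption KeyDescriptor; the elements read below are the same.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MAMCAQE=</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/redirect"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def parse_idp_metadata(xml_text):
    """Return entity ID, HTTP-POST sign-on URL and Base64 signing cert."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor: %s" % root.tag)
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID attribute")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    # LogScale's Sign on URL is the Location of the HTTP-POST binding only.
    sign_on_url = None
    for sso in idp.findall("md:SingleSignOnService", NS):
        if sso.get("Binding") == HTTP_POST:
            sign_on_url = sso.get("Location")
            break
    if not sign_on_url:
        raise ValueError("no SingleSignOnService with the HTTP-POST binding")
    # Take the signing key; a KeyDescriptor without 'use' may serve both roles.
    cert_b64 = None
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":
            node = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if node is not None and node.text:
                cert_b64 = "".join(node.text.split())  # drop line wrapping
                break
    if not cert_b64:
        raise ValueError("no signing X509Certificate found")
    return {"entity_id": entity_id, "sign_on_url": sign_on_url,
            "certificate_b64": cert_b64}


def certificate_to_pem(cert_b64):
    """Wrap the metadata's Base64 into PEM after checking it decodes to DER."""
    try:
        der = base64.b64decode(cert_b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("certificate is not valid Base64") from exc
    if not der or der[0] != 0x30:  # every X.509 certificate is a DER SEQUENCE
        raise ValueError("decoded certificate does not start with a DER SEQUENCE")
    lines = [cert_b64[i:i + 64] for i in range(0, len(cert_b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


if __name__ == "__main__":
    # Pass the path of a downloaded FederationMetadata.xml; otherwise the
    # constructed sample is used.
    text = (pathlib.Path(sys.argv[1]).read_text(encoding="utf-8")
            if len(sys.argv) > 1 else SAMPLE_METADATA)
    info = parse_idp_metadata(text)
    print("Idp Entity Id:", info["entity_id"])
    print("Sign on URL:  ", info["sign_on_url"])
    pathlib.Path("adfs-signing.pem").write_text(
        certificate_to_pem(info["certificate_b64"]), encoding="utf-8")
    print("Certificate written to adfs-signing.pem")
```

Run it as `python3 extract_adfs_metadata.py FederationMetadata.xml` (file name assumed) on the metadata downloaded in step 6; the printed values are what steps 7 and 8 ask for, and the PEM file is the one a self-hosted installation stores on the server. The script deliberately fails rather than guesses when the HTTP-POST binding or the signing certificate is missing, since a wrong sign-on URL or certificate makes every login fail or, worse, lets assertions from the wrong issuer be trusted.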

Configure LogScale to use Active Directory Federation Service

When Active Directory Federation Service is configured to work with LogScale, you must also configure LogScale to work with Active Directory Federation Service.

To configure LogScale to work with Active Directory Federation Service, set the configuration variables as described in Configure SAML for LogScale Self-Hosted.

Test the Active Directory Federation Service integration setup

Once all of the necessary steps to set up the Active Directory Federation Service authentication for LogScale are completed, you need to test the setup.

  1. Go to a Terminal and start LogScale with the following command:

    ```shell
    ./run.sh
    ```

    Allow two to three minutes for LogScale to start.

  2. Connect to localhost in a browser. It should redirect you to an Active Directory Federation Service login.

  3. Sign into your Active Directory Federation Service. You should be taken to LogScale.