Active Directory Federation Services
ADFS is a software component from Microsoft that runs on Windows. It can provide users with single sign-on access to LogScale.
To configure the ADFS for integration with LogScale, first add a new Relying Party Trust. Click Start and then select Enter data about the relying party manually and click Next.
In the Configure URL tab, enable support for the SAML 2.0 WebSSO
protocol. Use http(s)://$YOUR_LOGSCALE_URL/api/v1/saml/acs
In the Configure Identifiers tab, add
http(s)://$YOUR_LOGSCALE_URL/api/v1/saml/metadata. In the
last tab, make sure to check Configure claims issuance policy for this
application.
In the new pop-up, add a rule with the rule type, Send LDAP Attributes as Claims. In the table on the left side (LDAP attribute), select Email Addresses. Then, in the table on the right side (Outgoing claim type), select Name ID.
Now, add another rule, also with the rule type, Send LDAP Attributes as Claims. In the table on the left side (LDAP attribute), select Is-Member-of:DL. In the table on the right side (Outgoing claim type), select Group.
You will need to find the metadata XML at this URL, adjusting the domain
address to your domain:
https://<ADFSURL_PUBLIC_URL>/FederationMetadata/2007-06/FederationMetadata.xml>
You will also need the entityId as
Idp Entity Id, as well as the
<SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" as
Sign on URL, and
X509Certificate as
Certificate in Base 64
If you have a self-hosted installation of LogScale, you need to save the certificate as a PEM file on the server.
To configure LogScale on your own server, go to the top of this page on Configuring LogScale. To use SAML with LogScale Cloud, go to the Configuring Identity Providers for LogScale Cloud documentation page.
See the Active Directory FS Documentation for more information.