Configure Single Sign-On using ADFS

To use Single Sign-On (SSO) with any other authentication server, configure the Active Directory Federation Service (ADFS) settings in the SSO section of the Configuration Manager. The required fields are described below:



Authorize Endpoint

This is the authorization API endpoint of your SSO authorization server. For example, https://login.microsoftonline.com/common/oauth2/v2.0/authorize.

Token Endpoint

This is the token API endpoint of your SSO authorization server. For example, https://login.microsoftonline.com/common/oauth2/v2.0/token.

Redirect URI Pathname
The Redirect URI Pathname specifies the URL to which the browser is redirected after the user finishes authenticating with their Identity Provider. The redirect URIs are fixed, based on the context name, and are always "/<context-name>/server" and "/<context-name>/admin/index.html".

Note that these redirect URLs, "https://<server-name>:<port-number>/<context-name>/server" and "https://<server-name>:<port-number>/<context-name>/admin/index.html", need to be added to the redirect URIs of the authorization server.

Response Type
The Response Type determines which flow is used. The authorization code flow and token flow are currently supported for verification of authentication. This field should be specified as token, code.
Client ID
The Client ID of the application that is created for RHS authorization on the authorization server.
Client Secret
The Client Secret of the application that is created for RHS authorization on the authorization server (this is not required for all applications).
Scope
The scope determines the extent of authorization that is returned in the id_token. Include the scopes that you want to request authorization for, separated by spaces. You can request any of the standard scopes, such as email, profile and openid.
Token Primary key
The Primary Key in the granted token uniquely identifies a user. This is received from the token endpoint and user info of the granted token.
Token Role Key
This attribute specifies the claim which consists of the list of roles assigned to a user for the granted JWT token. To enable authorization, ensure that the value entered in this field matches the claim containing the list of roles in the JWT token.
Note:

Although the ‘roles’ in ADFS are comparable to the ‘groups’ in LDAP (Lightweight Directory Access Protocol), there is a significant difference in the workflow. LDAP allows for the verification of any AD/LDAP group; however, this is not possible in ADFS. Hence, an administrator needs to ensure that the existing or newly added roles are first present in ADFS, and later added with the same name in RoboHelp Server.
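
One way to confirm that the Token Primary key and Token Role Key values match a granted token, and that each role in it also exists in RoboHelp Server. This is an added example, not part of RoboHelp Server or ADFS; the claim names "upn" and "roles", the sample token and the set of server roles are assumptions for illustration.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def decode_payload(jwt: str) -> dict:
    """Return a JWT's claims for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def check_claims(jwt: str, primary_key: str, role_key: str, server_roles: set) -> list:
    """List mismatches between a granted token and the configured key fields."""
    claims = decode_payload(jwt)
    problems = []
    if not claims.get(primary_key):
        problems.append(f"Token Primary key '{primary_key}' is missing or empty")
    roles = claims.get(role_key)
    if roles is None:
        problems.append(f"Token Role Key '{role_key}' is not a claim in the token")
        roles = []
    elif isinstance(roles, str):
        roles = [roles]  # assumption: a single role may arrive as a plain string
    elif not isinstance(roles, list):
        problems.append(f"claim '{role_key}' is not a list of roles")
        roles = []
    # Assumption: role names must match exactly (case-sensitive) on both sides.
    for role in roles:
        if role not in server_roles:
            problems.append(f"role '{role}' is not defined in RoboHelp Server")
    return problems

# Constructed sample token: made-up user, roles and placeholder signature.
SAMPLE = ".".join([
    b64url_encode({"alg": "RS256", "typ": "JWT"}),
    b64url_encode({"upn": "alice@example.com", "roles": ["Authors", "Reviewers"]}),
    "c2ln"])

if __name__ == "__main__":
    print("\n".join(check_claims(SAMPLE, "upn", "roles", {"Authors"})))
```

An empty result means both key fields resolve to claims in the token and every role it carries has a same-named counterpart on the server.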

Extra Parameters
This field adds any additional parameters to be sent to the server for authorization. The parameters should be URL encoded. For example: &param1=value1,&param2=value2.