To use Single Sign-On (SSO) with any other authentication
server, configure the Active Directory Federation Service (ADFS)
settings in the SSO section of the Configuration Manager. The
required fields are described as follows:
- Authorize Endpoint
This is the authorization API endpoint of your SSO authorization
server. For example, https://login.microsoftonline.com/common/oauth2/v2.0/authorize.
- Token Endpoint
This is the token API endpoint of your SSO authorization
server. For example, https://login.microsoftonline.com/common/oauth2/v2.0/token.
- Redirect URI Pathname
- The Redirect URI Pathname specifies the URL to which the
browser is redirected after the user finishes authenticating with
their Identity Provider. The redirect URIs are fixed and derived
from the context name: they are always
"/<context-name>/server" and
"/<context-name>/admin/index.html".
Note that both redirect URLs, "https://<server-name>:<port-number>/<context-name>/server"
and "https://<server-name>:<port-number>/<context-name>/admin/index.html",
need to be registered as redirect URIs on the authorization server.
Register them exactly as shown (scheme, host, port and path): an
authorization server redirects only to a URI that matches a registered
one, so a mismatch in any part of the URL causes the login to fail.
- Response Type
- The Response Type determines which OAuth 2.0 flow is used. The
authorization code flow and the token (implicit) flow are currently
supported for verifying authentication. Set this field to either
code or token. Prefer code where the authorization server permits it:
with the code flow the token is obtained server-side from the Token
Endpoint, whereas with the token flow it is returned to the browser
in the fragment of the redirect URL.
- Client ID
- The Client ID of the application that is created for RHS authorization
on the authorization server.
- Client Secret
- The Client Secret of the application that is created for RHS
authorization on the authorization server. Not every application
registration requires one; where one is issued, treat it as a
credential that lives only in the server configuration and is never
exposed to the browser.
- Scope
- The scope determines which claims the authorization server
returns in the id_token. List the scopes that you want to request
authorization for, separated by spaces. You can request any of the
standard scopes, such as openid, profile and email. The openid scope
must be included for an id_token to be issued at all.
- Token Primary key
- The name of the claim in the granted token whose value uniquely
identifies a user. The value is read from the token returned by the
token endpoint and from the user info associated with the granted
token. Choose a claim that is stable and unique per user (for example
the standard sub claim) rather than one that can change or be reused.
- Token Role Key
- This attribute names the claim that carries the list of roles
assigned to the user in the granted JWT token. To enable
authorization, ensure that the value entered in this field matches
the name of the claim containing the list of roles in the JWT token.
Note: Although the 'roles' in ADFS are comparable to the 'groups'
in LDAP (Lightweight Directory Access Protocol), there is a
significant difference in the workflow. With LDAP, any AD/LDAP
group can be verified directly; this is not possible with ADFS,
which presents only the roles it has been configured to issue in
the token. Hence, an administrator must ensure that each existing
or newly added role is first present in ADFS, and then added with
exactly the same name in RoboHelp Server.
- Extra Parameters
- This field adds any additional parameters to be sent to the
authorization server with the authorization request. The parameters
must be URL encoded. For example:
&param1=value1,&param2=value2.
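The following is an added worked example, not code from Adobe RoboHelp Server or this page, of the OAuth 2.0 / OpenID Connect exchange that the fields above configure: deriving the two fixed redirect URIs from the context name, building the authorization request (including the Extra Parameters), checking a redirect against the registered list, preparing the code-for-token request, and reading the Token Primary key and Token Role Key claims out of the resulting JWT. The host, port, context name, client credentials, the sample ID token, the prompt extra parameter and the rule used to parse the "&p1=v1,&p2=v2" form are all assumptions made for the example.

```python
import base64
import json
import secrets
from urllib.parse import urlencode

# Values as an administrator would enter them in the SSO section. Host, port,
# context name, client credentials and the extra parameter are constructed placeholders.
SSO_CONFIG = {
    "authorize_endpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
    "server_base": "https://robohelp.example.com:8443",
    "context_name": "robohelp",
    "response_type": "code",              # "code" (authorization code flow) or "token"
    "client_id": "00000000-0000-0000-0000-000000000000",
    "client_secret": "placeholder-secret",
    "scope": "openid profile email",
    "token_primary_key": "sub",           # claim whose value identifies the user
    "token_role_key": "roles",            # claim that carries the list of roles
    "extra_parameters": "&prompt=select_account",  # page's "&param=value,&param=value" form
}


def redirect_uris(cfg):
    """The two fixed redirect URIs derived from the context name; both must be
    registered on the authorization server exactly as produced here."""
    base = f"{cfg['server_base']}/{cfg['context_name']}"
    return [f"{base}/server", f"{base}/admin/index.html"]


def parse_extra_parameters(raw):
    """Parse the '&p1=v1,&p2=v2' form into a dict (parsing rule assumed)."""
    params = {}
    for item in raw.split(","):
        item = item.strip().lstrip("&")
        if "=" in item:
            key, value = item.split("=", 1)
            params[key] = value
    return params


def build_authorize_url(cfg, state):
    """Authorization request the browser is sent to. 'state' is a per-login
    random value the callback must echo back (login CSRF protection)."""
    query = {
        "response_type": cfg["response_type"],
        "client_id": cfg["client_id"],
        "redirect_uri": redirect_uris(cfg)[0],
        "scope": cfg["scope"],
        "state": state,
    }
    query.update(parse_extra_parameters(cfg["extra_parameters"]))
    return f"{cfg['authorize_endpoint']}?{urlencode(query)}"


def is_registered_redirect(uri, cfg):
    """Exact string match only: prefix, path-traversal or look-alike host
    variants of a registered URI must be rejected."""
    return uri in redirect_uris(cfg)


def token_request_body(cfg, code):
    """Form body for the back-channel POST to the token endpoint (code flow).
    The client secret travels server-to-server and never reaches the browser."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uris(cfg)[0],
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],
    }


def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def jwt_claims(token):
    """Decode the JWT payload. The signature is NOT verified here; a real
    deployment must validate it against the IdP's published signing keys
    before trusting any claim."""
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def identify_user(claims, cfg, robohelp_roles):
    """Return (user identifier, granted roles). Only roles that also exist
    under the same name in RoboHelp Server take effect."""
    user_id = claims[cfg["token_primary_key"]]
    idp_roles = claims.get(cfg["token_role_key"], [])
    if isinstance(idp_roles, str):        # some IdPs emit a single role as a string
        idp_roles = [idp_roles]
    return user_id, [r for r in idp_roles if r in robohelp_roles]


def sample_id_token():
    """Constructed sample ID token with a placeholder signature."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    payload = {"sub": "user-123", "email": "alice@example.com",
               "roles": ["Author", "Viewer", "Finance"]}
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(payload)}.placeholder-signature"


if __name__ == "__main__":
    print(build_authorize_url(SSO_CONFIG, secrets.token_urlsafe(16)))
    claims = jwt_claims(sample_id_token())
    print(identify_user(claims, SSO_CONFIG, {"Administrator", "Author", "Viewer"}))
```

Running the block prints the authorization URL and then ("user-123", ["Author", "Viewer"]): the Finance role is dropped because, as the Token Role Key note says, a role issued by ADFS only takes effect when a role of the same name exists in RoboHelp Server.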