To use Single Sign-On (SSO) with any other authentication server, configure the Active Directory Federation Service (ADFS) settings in SSO section of the Configuration Manager. The description of the required fields are as follows:
- Authorize Endpoint
This is the authorization API endpoint of your SSO authorization server. For example,
https://login.microsoftonline.com/common/oauth2/v2.0/authorize.
- Token Endpoint
This is the token API endpoint of your SSO authorization server. For example,
https://login.microsoftonline.com/common/oauth2/v2.0/token.
- Redirect URI Pathname
- The Redirect URI Pathname specifies the redirect URL of the
browser, after the user finishes authenticating with their Identity
Provider. The redirect URIs are fixed, based on the context name,
which is always "
/<context-name>/server" and "</context-name>/admin/index.html".
- Response Type
- The Response Type determines which flow is used. The authorization code flow and token flow are currently supported for verification of authentication. This field should be specified as token, code.
- Client ID
- The Client ID of the application that is created for RHS authorization on the authorization server.
- Client Secret
- The Client Secret of the application that is created for RHS authorization on the authorization server (this is not required for all applications).
- Scope
- The scope determines the extent of authorization that is returned in the id_token. Include the scopes that you want to request authorization for and separate each one of them by a space.You can request any of the standard scopes, such as email, profile and openid.
- Token Primary key
- The Primary Key in the granted token, uniquely identifies a user. This is received from the token endpoint and user info of the granted token.
- Token Role Key
- This attribute specifies the claim which consists of the list
of roles assigned to a user for the granted JWT token. To enable
authorization, ensure that the value entered in this field matches
the claim containing the list of roles in the JWT token.Note: Although the ‘roles’ in ADF S are comparable to the ‘groups’ in LDAP (Lighweight Directory Access Protocol), there is a significant difference in the workflow. LDAP allows for the verification of any AD/LDAP group; however, this is not possible in ADFS. Hence, an administrator needs to ensure that the existing or newly added roles are first present in ADFS, and later added with the same name in RoboHelp Server.
- Extra Parameters
- This field adds any additional parameters to be sent to the
server for authorization. The parameters should be URL encoded.
For example:
¶m1=value1,¶m2=value2.