Single Sign-On using ADFS

Pre-requisites for enabling ADFS integration with RoboHelp Server:

OpenID with OAuth 2.0 are the currently supported protocols.
Both the AuthCode Grant Flow and the Implicit Grant Flow of OAuth 2.0 are supported.
To use Implicit Grant Flow, ensure to enable the ImplicitGrantFlow setting in AD server settings, if not enabled.
To use AuthCode Grant Flow, specify isImplicitGrantFlowEnabled=0 in the <context-name>_server.propertiesfile in the WEB-INF folder of the installation directory.
- The Boolean value 0 is specified when user wants to use ADFS configuration, but does not want to enable ImplicitGrantFlow.
While setting up Configuration Manager, ensure that you provide a unique standard attribute for “Token Primary Key”. It is one of the claims which uniquely identifies a user. For example, “preferred_username”

Ensure that the “Token Role Key” attribute is present in the decoded JSON Web Token (JWT). It is a mandatory field to enable the authorization workflow. For example, if the value for the “Token Role Key” field is ‘roles’, make sure the attribute ‘roles’ is present in the JWT token.

Refer to this sample Microsoft Azure token below:

{
   "aud": "560f3fff-f027-48dc-92b3-fdcd97826f8e",
   "iss": "https://login.microsoftonline.com/fa7b1b5a-7b34-4387-94ae-d2c178decee1/v2.0",
   "iat": 1633064904,
   "nbf": 1633064904,
   "exp": 1633068804,
   "aio": "AVQAq/8TAAAAw0xt/W8LVReXe1zqrS0U4DdY43hMkZ1+P3dLPO647Kl6kCAW7fWaqP2uI2rRljfEqivGwzDteXjY3kTWumTM6ZClrbV41LGY4wUH3HzCysQ=",
   "azp": "560f3fff-f027-48dc-92b3-fdcd97826f8e",
   "azpacr": "1",
   "name": "admin",
   "oid": "39e2dbde-338b-41f3-af3f-aef31e4dcada",
   "preferred_username": "admin@companyname.com",
   "rh": "0.ASYAWht7-jR7h0OUrtLBeN7O4f8_D1Yn8NxIkrP9zZeCb44mANk.",
   "roles": [
   "ssorole4",
   "ssorole1"
   ],
   "scp": "access_as_user",
   "sub": "dCBBb1RY4-dq4bulYk3bUeshgvIxF6BsH-VsxEL24M4",
   "tid": "fa7b1b5a-7b34-4387-94ae-d2c178decee1",
   "uti": "EeBlLBj_ykCM8NdQiAe5AA",
   "ver": "2.0"
}

Note: The default value for the “Token Role Key” is ‘roles’. Leaving this field blank in the Configuration Manager will take the default value as ‘roles’.