This guide describes how to add the DualShield SSO server as a WS-Federation Claims Provider in the ADFS server.

Add Claims Provider

Launch the ADFS Management console

Right click on "Trust Relationships", and then select "Add Claims Provider Trust"

This will initiate the Add Claims Provider Trust Wizard.

In the wizard, click through the welcome page to the "Select Data Source" page

Select the option "Enter claims provider trust data manually"

Click Next 

Enter the Display Name for your DualShield SSO server, e.g. "DualShield SSO"

Click Next

In the WS-Federation Passive URL box, enter the URL below:

https://{dualshield-sso-fqdn}:8074/sso/wsfed/login/kvps/DASApplicationName/{application-name}/SPName/{service-provider-name}

You need to replace the following items:

Item                      Meaning                                                                            Example
{dualshield-sso-fqdn}     the FQDN of your DualShield SSO server                                             mfa.fakestop.com
{application-name}        the name of the application that you will create in your DualShield for ADFS       ADFS
{service-provider-name}   the name of the service provider that you will create in your DualShield for ADFS  ADFS-WSFED

Example: https://mfa.fakestop.com:8074/sso/wsfed/login/kvps/DASApplicationName/ADFS/SPName/ADFS-WSFED

Click Next to continue

In the Claims provider trust identifier box, enter the Entity ID of your DualShield SSO server, e.g. urn:deepnet:dual:idp:sso:mfa.fakestop.com

To find the Entity ID of an SSO server, first locate the SSO server:

In the Admin Console, in the side panel, select "SSO | SSO Servers"

then view its properties


Click Next

Click the Add button to import the IdP certificate of your DualShield SSO 

To download the IdP certificate of an SSO server, first locate the SSO server:

In the Admin Console, in the side panel, select "SSO | SSO Servers"

then select "Download IdP Certificate" from its context menu

Click Next

Click Next

Click Close

Configure Claims Provider

After the DualShield claims provider has been added, it needs to be configured.

We want ADFS to forward the user's login name to DualShield SSO, so that users do not need to enter their login name twice. In order to do so, we need to configure ADFS.

Launch Windows PowerShell on the ADFS server, and enter the command below:

Set-AdfsClaimsProviderTrust -TargetName "{claims provider name}" -PromptLoginFederation ForwardPromptAndHintsOverWsFederation

Replace "{claims provider name}" with the actual name of your DualShield claims provider, e.g. "DualShield SSO" in this example.

You can double check the option by entering the command below:

Get-AdfsClaimsProviderTrust -Name "{claims provider name}"
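As an added example that is not part of this guide, the wizard steps and the forwarding setting above can be scripted end to end with the ADFS PowerShell module and then verified in one pass. The FQDN, application name, service provider name, Entity ID and certificate path are placeholders taken from this guide's examples; the cmdlet and parameter names are those of the documented ADFS module, and the final check assumes the trust object exposes the setting as a PromptLoginFederation property.

```powershell
# Added example, not DualShield's or the guide's own script.
# Placeholders: replace with the values for your environment.
$ssoFqdn   = "mfa.fakestop.com"        # {dualshield-sso-fqdn}
$appName   = "ADFS"                    # {application-name}
$spName    = "ADFS-WSFED"              # {service-provider-name}
$trustName = "DualShield SSO"          # display name of the claims provider
$entityId  = "urn:deepnet:dual:idp:sso:$ssoFqdn"   # Entity ID from SSO | SSO Servers > properties
$certPath  = "C:\temp\dualshield-idp.cer"          # IdP certificate downloaded from the SSO server

# WS-Federation passive URL, built exactly as the guide describes.
# ${ssoFqdn} is braced so PowerShell does not read "$ssoFqdn:8074" as a drive-qualified variable.
$wsfedUrl = "https://${ssoFqdn}:8074/sso/wsfed/login/kvps/DASApplicationName/$appName/SPName/$spName"

# Load the DualShield IdP signing certificate so ADFS can validate tokens it issues.
$idpCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certPath

# Equivalent of the "Add Claims Provider Trust" wizard: manual data source, display name,
# WS-Federation passive URL, claims provider trust identifier and IdP certificate.
Add-AdfsClaimsProviderTrust -Name $trustName `
    -Identifier $entityId `
    -WSFedEndpoint ([Uri]$wsfedUrl) `
    -TokenSigningCertificate $idpCert

# Forward the login name entered at ADFS to DualShield SSO so users do not type it twice.
Set-AdfsClaimsProviderTrust -TargetName $trustName `
    -PromptLoginFederation ForwardPromptAndHintsOverWsFederation

# Verify the trust and the forwarding option; fail loudly if the setting did not take effect.
$trust = Get-AdfsClaimsProviderTrust -Name $trustName
if ([string]$trust.PromptLoginFederation -ne "ForwardPromptAndHintsOverWsFederation") {
    throw "PromptLoginFederation is '$($trust.PromptLoginFederation)', expected ForwardPromptAndHintsOverWsFederation"
}
"Trust '$($trust.Name)' for $($trust.Identifier) configured; login name forwarding enabled."
```

Run it in an elevated PowerShell session on the ADFS server after the application and service provider have been created in DualShield, since the URL and Entity ID must match what the SSO server publishes.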