Page History

Create a Web Logon Procedure 

1. Login to the DualShield Management Administration Console
2. In the main menu, select navigate to “Authentication | Logon Procedure”Procedures”
3. Click the “Create” “+Create” button on the toolbar
4. Enter a suitable “Name” and select “Web SSO” as the type
   Image Removed, then select 'Type' from the drop-down as "Web SSO".
   
   Image Added
   
   
5. Click “Save” to confirm creation.
6. Click the Context Menu icon back on the context "..." menu of the newly created logon procedureLogon Procedure, then select “Logon Steps”
7. In the popup windows, click the “Create” button on the toolbarwindow on the right, select "+ ADD" button, to add a new authentication method.
8. Select from the list the required Select the authentication method, i.e. “Static Password” (AD Password)
9. Click "Save" to add the Step.
10. Repeat from 7 ,8 & 9 to create the second logon step, i.e. "One-Time Password"
    Image Removed- 9 for any additional authentication steps you wish to use:
    
    Image Added
    
    

Create a Web

...

Application 

1. In the main menu, select navigate to “Authentication | Application”Applications”
2. Click the “Create” “+ CREATE” button on in the toolbar
3. Enter an appropriate “Name”
4. Select the internal “Realm”
5. Select the newly created logon procedure
   Image RemovedLogon Procedure created previously. 
   
   Image Added
   
   
6. Click "Save"SAVE" to complete the Application creation.
7. Click the context "..." menu of the newly created application, select then "AgentAgents"
   Image Removed
   Image Added
   
   
8. Select the "Single Sign-on Server | SSO Server"
9. Click "SaveSAVE" button to confirm.
   
   
10. Click the context "..." menu of the newly created applicationApplication, select then "Self Test"
    Image Removedto confirm all components are correctly associated.
    
    Image Added

Create a new Service Provider

1. In the main menu, select navigate to "SSO | Service Providers", click "Create"
2. Click the "+ CREATE" button
3. Select the "SSO Server", and enter Single Sign-on Server"
4. Select the Sharepoint "Application" created previously
5. Enter a suitable "Name"
6. Select "'Type" ' as "WS-Federation" 
   
   Image Added
   
   
7. Click the 2nd tab named "Attributes"
8. Select the "+ CREATE" button
   
   You need to create an Attribute that matches "RoleClaims" and "Identity Claims", as specified in the PowerShell scripts that will be created in the SharePoint Configuration section.   
   
   
9. Select 'Location' as "HTTP Body"
10. Enter an appropriate "Name"
11. The 'Format' select from the drop-down "attrname-format:url"
12. Within 'Value' select "Fixed Value" and set the Value as the actual name specified in the RoleClaims (replacing "NameOfRole" in this field). As per the following article:  Link Groups Script
13. From the drop-down, set the 'Claim Type' as setting "http://schemas.microsoft.com/ws/2008/06/identity/claims"
    
          Image Added
    
    14. Click "SAVE" button to confirm creation of new Attribute.
    
    
    Next create 'Identity Claims attributes' that will be mapped to AD Attributes. There would usually be 3 attributes, containing emailaddress, givenName and Surname (see SSO Script article)
    
    
    You are able to map AD Attributes as follows.
    Click "Save"16. Selecting 'Value' as "Maps to an identity attribute"
    17. Then click the magnifying glass, to the right of the field....
    18. Here you can change "Identity Source" to your internal AD Domain
    19. Then "Maps To" you can select a specific Attribute from Active Directory. ie: "Email"....
     
          Image Added
    
       
    Image Removed
      Image Added
    
    Ensure checkbox "Return in Response" is enabled on all your Attributes.
    
    20. Click "SAVE" to create the new Attribute.
    21. Repeat for the other Attributes. Then you should have all 3 setup, like follows:
    
          Image Added
    
    
    22. Finally click "SAVE" to confirm creation of these new Attributes.