
What is needed from the customer to set up SSO on the Azure AD platform using the SAML protocol?

1. Customer sets up the first app in Azure AD: ADPOINT Java UI:

1.1. Basic SAML Configuration

Identifier (Entity ID): https://pm-test.integration-x.com/sso-saml
Reply URL (Assertion Consumer Service URL): https://pm-test.integration-x.com/sso-saml/?RelayState=adpoint-java-ui
Sign-on URL: https://pm-test.integration-x.com/sso-saml/?RelayState=adpoint-java-ui
Relay State: adpoint-java-ui

1.2. User Attributes & Claims

1.2.1. Required claim
Unique User Identifier (Name ID): user.userprincipalname

1.2.2. Additional claims
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress: user.mail
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname: user.givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: user.userprincipalname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname: user.surname

1.2.3. Add a group claim
Choose: All groups
Source attribute: Group ID
A new additional claim should appear: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups: user.groups


1.3. Assign users and roles.

2. Customer sets up the second app: ADPOINT Web Client - configured the same way as above, but with:

Identifier (Entity ID): https://pm-test.integration-x.com/sso-saml2
Reply URL (Assertion Consumer Service URL): https://pm-test.integration-x.com/sso-saml2/?RelayState=adpoint-web-client
Sign-on URL: https://pm-test.integration-x.com/sso-saml2/?RelayState=adpoint-web-client
Relay State: adpoint-web-client

3. Customer sends to Integration X:

"App Federation Metadata URL" field value
Information about groups and roles

Log file

Tomcat/logs/sso-saml.log

Missing groups

Check whether the groups are listed under Authentication Attributes on ADPOINT's final SSO page. If they are not, ask the customer to add the groups claim in:

Azure AD -> Enterprise Apps -> ADPOINT app -> Single Sign-on -> User Attributes & Claims -> Additional claims
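As an added example (not part of the original page or of the sso-saml application), the following Python script reads a SAML assertion the way a troubleshooter would when checking the claims from sections 1.2.2 and 1.2.3 and diagnosing the "missing groups" case above. The assertion it parses is constructed inline and unsigned, and the tenant ID in the Issuer is a placeholder; the claim names are the ones configured on this page. Signature and audience validation remain the job of the service provider, so this script is for inspecting what Azure AD sent, not for accepting logins.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Claim names exactly as configured in sections 1.2.2 and 1.2.3 of this page.
ADDITIONAL_CLAIMS = (
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
)
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
EXPECTED_CLAIMS = ADDITIONAL_CLAIMS + (GROUPS_CLAIM,)


def build_assertion(upn, email, given, surname, groups=None):
    """Build a constructed, unsigned Azure AD style assertion as sample input.

    This is not a capture from a tenant. groups=None mimics an app where the
    group claim was never added under "User Attributes & Claims".
    """
    attrs = {
        ADDITIONAL_CLAIMS[0]: [email],
        ADDITIONAL_CLAIMS[1]: [given],
        ADDITIONAL_CLAIMS[2]: [upn],
        ADDITIONAL_CLAIMS[3]: [surname],
    }
    if groups is not None:
        attrs[GROUPS_CLAIM] = list(groups)  # multi-valued: one AttributeValue per group ID
    attr_xml = "".join(
        f'<saml:Attribute Name="{name}">'
        + "".join(f"<saml:AttributeValue>{escape(v)}</saml:AttributeValue>" for v in values)
        + "</saml:Attribute>"
        for name, values in attrs.items()
    )
    return (
        f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="_constructed" Version="2.0">'
        "<saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>"
        f"<saml:Subject><saml:NameID>{escape(upn)}</saml:NameID></saml:Subject>"
        f"<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>"
        "</saml:Assertion>"
    )


def parse_assertion(xml_text):
    """Return the NameID and a {claim name: [values]} map from an assertion.

    Accepts either a bare saml:Assertion or a samlp:Response wrapping one.
    For assertions from an untrusted source, parse with defusedxml instead of
    the stdlib parser; this example only ever parses its own constructed input.
    """
    root = ET.fromstring(xml_text)
    if root.tag == f"{{{SAML_NS}}}Assertion":
        assertion = root
    else:
        assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no saml:Assertion element found")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    attributes = {}
    for attr in assertion.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attributes.setdefault(attr.get("Name"), []).extend(values)
    return {"name_id": name_id, "attributes": attributes}


def missing_claims(parsed, expected=EXPECTED_CLAIMS):
    """Names from `expected` that are absent or have no value in the assertion."""
    attrs = parsed["attributes"]
    return [claim for claim in expected if not attrs.get(claim)]


def group_ids(parsed):
    """Group object IDs carried by the groups claim (empty if the claim is missing)."""
    return list(parsed["attributes"].get(GROUPS_CLAIM, []))


if __name__ == "__main__":
    # Constructed sample values; the group IDs are placeholders, not real object IDs.
    good = parse_assertion(build_assertion(
        "jane.doe@example.com", "jane.doe@example.com", "Jane", "Doe",
        groups=["GROUP-ID-PLACEHOLDER-1", "GROUP-ID-PLACEHOLDER-2"]))
    print("NameID:", good["name_id"])
    print("groups:", group_ids(good), "missing:", missing_claims(good))

    # Same user, but the customer never added the group claim in Azure AD.
    no_groups = parse_assertion(build_assertion(
        "jane.doe@example.com", "jane.doe@example.com", "Jane", "Doe"))
    print("missing:", missing_claims(no_groups))
```

If `missing_claims` reports only the groups claim URI, the fix is the one described above: have the customer add the group claim under Additional claims in the Azure AD app. If several claims are missing, the attribute mapping of the whole app is likely wrong or the assertion belongs to a different app registration, so check the Entity ID and Reply URL from section 1.1 first.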

Setup for Tomcat 10 and the X1 version

The sso-saml.war file should be placed in a new folder: Tomcat/webapps-javaee/.

When Tomcat starts, the files are migrated to the webapps folder and the sso-saml folder is created there as usual.