Federated Authentication with Subscription Manager

The role of an Identity Provider/Service is to maintain User records in a central place so that multiple relying party applications can delegate authentication and authorization to it. XMPro has an Identity Service called XMPro Subscription Manager.

In a greenfield deployment, the Subscription Manager is installed along with the rest of the products and User records are added to it. However, in a brownfield deployment where a client may already have a functioning Identity Provider, it is not possible to maintain User records in the Subscription Manager as well, since that would negate the primary objective of having a central Identity Service.

In scenarios where an Identity Service already exists, the correct approach is to set up federation by creating a trust relationship between the client's Identity Service and the Subscription Manager. Once federation is established, the Subscription Manager can recognize and authorize a user session authenticated by a trusted Identity Service, providing Single Sign On and Single Sign Off.

XMPro supports a number of external identity providers, ADFS being one of them.

How to Setup Federation with ADFS

The following steps establish a Relying Party trust between ADFS and the XMPro Subscription Manager:

  1. Add a New Relying party trust in ADFS as explained here
  2. Select a Claims Aware Application
  3. For Data Source, choose to enter the data about the relying party manually
  4. In Configuration URL, choose the WS-Federation Passive protocol and specify the Subscription Manager URL
  5. Ensure the above URL is also specified as the Relying party Identifier

Once the Relying party trust is added, create a new Claims Issuance Policy for the trust, which would look like below:

Lastly, add the Federation Metadata URL, which usually looks like https://adfs.domain.com/federationmetadata/2007-06/federationmetadata.xml, to the Subscription Manager web.config:

<xmpro>
     <xmidentity>
        <server ...>
           <identityProviders>
              <adfs metadataAddress="..." />
           </identityProviders>
        </server>
        ...
     </xmidentity>
     ...
</xmpro>
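ADFS federation metadata publishes the token-signing certificates, so the metadataAddress value is worth checking before the site is restarted. The following is an added example, not XMPro code: a small Python check that reads the element path shown above and flags a placeholder, a non-HTTPS scheme, embedded credentials, or a path that differs from the usual metadata path. The function name and the sample fragments are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Path of the ADFS federation metadata document, as shown on this page.
METADATA_PATH = "/federationmetadata/2007-06/federationmetadata.xml"


def check_metadata_address(config_xml):
    """Return a list of findings for each <adfs metadataAddress="..."> entry."""
    root = ET.fromstring(config_xml)
    # Matches <identityProviders><adfs/> at any depth, so both a bare <xmpro>
    # fragment and a full web.config can be passed in.
    nodes = root.findall(".//identityProviders/adfs")
    if not nodes:
        return ["no <adfs> element under <identityProviders>"]
    findings = []
    for node in nodes:
        address = (node.get("metadataAddress") or "").strip()
        if not address or address == "...":
            findings.append("metadataAddress is empty or still a placeholder")
            continue
        url = urlsplit(address)
        if url.scheme.lower() != "https":
            # The metadata document lists the certificates used to verify
            # tokens, so it must not be fetched over an unauthenticated channel.
            findings.append(f"{address}: scheme is '{url.scheme}', expected https")
        if not url.hostname:
            findings.append(f"{address}: no host name")
        if url.username or url.password:
            findings.append(f"{address}: credentials embedded in URL")
        if url.path.lower() != METADATA_PATH:
            findings.append(f"{address}: path differs from the usual {METADATA_PATH}")
    return findings


# Constructed sample fragments (not taken from a real deployment).
GOOD = """<xmpro><xmidentity><server><identityProviders>
  <adfs metadataAddress="https://adfs.domain.com/federationmetadata/2007-06/federationmetadata.xml" />
</identityProviders></server></xmidentity></xmpro>"""
BAD = GOOD.replace("https://", "http://")

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_metadata_address(sample) or "ok")
```

The path check is only a warning, since the page says the URL "usually" has this form.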

 

This is the legacy version of the XMPro Documentation site. For the latest XMPro documentation, please visit documentation.xmpro.com
