What is ADFS
ADFS, or Active Directory Federation Services, is a Microsoft component installed as part of Windows Server that enables single sign-on (SSO) to independent applications. ADFS extends Active Directory to web services, enabling authentication to applications hosted on the internet. More information is available on the Microsoft website.
Minimum requirements
- Minimum system version that supports OpenID: ADFS on Windows Server 2016.
- Account on the system
Application Registration
To register an application, open the ADFS console in Windows Server and add a new Application Group.
The name of the application is arbitrary. It is, however, important to select Server Application in the options.
After confirming and proceeding to the next step, the application configuration window will appear.
In this window, you will find the Client ID. This needs to be copied and transferred to the Navigator365 configuration.
The last thing you need to add is the address to which the user will be redirected after authorization.
Secret key
In the next configuration step in the ADFS console, we move to Configure Application Credentials.
In this view, tick the Generate a shared secret checkbox. Once the secret is generated, copy it to the clipboard and then enter it in the Navigator365 configuration.
After this step, you can complete the configuration in the ADFS console.
Web API configuration
Once the configuration is complete, our application should be visible in the ADFS view. We enter its configuration by double-clicking on the name.
Then click Add Application, select Web API, and click Next.
In the Identifier field, enter the address of Navigator365 and the Client ID that was established when registering the application. Click Add.
Next, the access policy must be set. As a general rule, we assign permissions to everyone.
Finally, check the openid option in the permitted scopes.
We then approve the next steps and complete the Web API configuration.
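The same registration can be scripted with the ADFS PowerShell module on the ADFS server. This is an added example, not part of the original instructions or of Navigator365; the group name, both URLs and the display names are assumed placeholders to replace with your own values.

```powershell
# Added example: scripted equivalent of the console steps described above.
# Run in an elevated PowerShell session on the ADFS server.
Import-Module ADFS

# Assumed placeholder values (not from the original page); replace before use.
$groupName    = 'Navigator365'                               # arbitrary group name
$navigatorUrl = 'https://navigator365.example.com'           # Navigator365 address
$redirectUri  = 'https://navigator365.example.com/callback'  # post-authorization redirect
$clientId     = [guid]::NewGuid().ToString()                 # Client ID for the application

# Application Registration: create the Application Group.
New-AdfsApplicationGroup -Name $groupName -ApplicationGroupIdentifier $groupName

# Server Application with its redirect address and a generated shared secret.
# The secret is only returned at creation time, so capture it here.
$serverApp = Add-AdfsServerApplication `
    -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - Server application" `
    -Identifier $clientId `
    -RedirectUri $redirectUri `
    -GenerateClientSecret

# Web API: identifiers are the Navigator365 address and the Client ID.
# 'Permit everyone' is the built-in policy matching the step on this page.
Add-AdfsWebApiApplication `
    -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - Web API" `
    -Identifier $navigatorUrl, $clientId `
    -AccessControlPolicyName 'Permit everyone'

# Permitted scopes: allow the server application to request only openid.
Grant-AdfsApplicationPermission `
    -ClientRoleIdentifier $clientId `
    -ServerRoleIdentifier $clientId `
    -ScopeNames 'openid'

# Values to enter in the Navigator365 configuration. Keep the secret out of
# transcripts and logs; move it straight into the target configuration.
[pscustomobject]@{
    ClientId     = $clientId
    ClientSecret = $serverApp.ClientSecret
}
```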