SAML Login and Proof of Identity Configuration
This manual explains how to set up Security Assertion Markup Language (SAML) Login and Proof of Identity within eCASE. First, the ADFS Relying Party Trusts and Claim Rules need to be properly configured. Then, you can configure SAML SSO for eCASE.
NOTE: Always use HTTPS for eCASE App server and ADFS server URLs.
Configure ADFS Identity Provider
Ensure ADFS is properly installed and that the Federation Service Properties are configured as indicated in the following screenshot.

The Federation Service Properties pop-up window fields should have the following selections/values entered:
Federation Service display name: DEV-ADFS01
Federation Service name: dev-adfs01.ains-inc.com
Federation Service identifier: http://dev-adfs01.ains-inc.com/adf/services/trust
Web SSO lifetime: Enter 480 minutes
2.1 Add Relying Party Trusts
To create a new relying party trust for the eCASE Application:
1. Click Add Relying Party Trust… within the context menu. The Add Relying Party Trust wizard appears.
2. Click Start.

3. Select the Enter data about the relying party manually radio button, then click Next.

4. Enter ECASE in the Display Name field and click Next.

5. Select the AD FS profile radio button and click Next.

6. Click Next.

7. Enter the https URL for the eCASE Application in the Relying party SAML 2.0 SSO service URL field and click Next.

8. Enter ECASE in the Relying party trust identifier field and click Add. Then, click Next.

9. Click Next.

10. Click Next.

11. Click Next.

12. After the relying party is created, verify its properties in the different tabs.
13. Set the SAML Assertion Consumer Endpoint to the application portal URL and the Binding to POST.

NOTE: To create the logout or redirect EndPoint for both eCASE and eCASE Admin, select the endpoint type as SAML logout, Binding as redirect, and Trusted URL as Error! Hyperlink reference not valid.

2.2 Configure the Claim Rules
The Edit Claim Rules pop-up window automatically appears. If it does not appear, click Edit Claim Rules… to configure the claim rules.

Set Add/Edit claim rule to SAMAccountName and UserID as shown below. Then, set Attribute Store to Active Directory.

3 eCASE Configuration
eCASE SAML Login and Proof of Identity Configuration can only be implemented within the eCASE Database Configuration screen during installation. After the initial SAML configuration values are set, authorized users can access the application.
3.1 eCASE Configuration for SAML SSO
To complete the eCASE Configuration for SAML SSO:
Open the Start Menu and then run the eCASE Database Administration tool as an Administrator. The eCASE Database Configuration pop-up window appears.

In the Authentication tab, complete the fields as shown below.
| Field | Description |
|---|---|
| Portal login mode | Select SAML SSO |
| Service Provider | Relying party identifier in ADFS |
| Partner Identity Provider | Federation service identifier for ADFS |
| Partner Service URL | The Login page from the Identity Provider (ADFS SSO URL ends with /ADFS/ls) |
| Partner Certificate File | Signing certificate from ADFS or Internet Information Services (IIS) cert |
Click Save.
In the eCASE Portal Administration, set the Membership Provider to ADFS, Partner Identity Provider to http://<<ServerName>>/adfs/services/trust, and Logout URL to http://<<Server Name>>/adfs/ls/?wa=wsignout1.0

NOTE: To configure the Logout URL, you must first configure the "sign out endpoint" for eCASE and eCASE Admin in ADFS.
Click Save. This saves the settings in the database, small.config, and web.config files.
Copy the .cer file into the same folder where the web.config file is located.
Verify that web.config has PartnerIdP set to the specified partner identity provider in the <appSettings> section.
Log in to the eCASE application.
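
The two file checks above (the .cer file beside web.config, and PartnerIdP in the appSettings section) can be scripted and run before the first login. The script below is an added example, not part of the eCASE manual or product; the install path and the expected identifier are placeholders to replace with your own values.

```powershell
# Added example: post-install check of the eCASE SAML settings described above.
# Assumptions (not from the manual): $WebRoot is a hypothetical install path and
# $ExpectedIdP is a placeholder for your ADFS federation service identifier.
param(
    [string]$WebRoot     = 'C:\inetpub\wwwroot\eCASE',
    [string]$ExpectedIdP = 'http://<<ServerName>>/adfs/services/trust'
)

$configPath = Join-Path $WebRoot 'web.config'
if (-not (Test-Path $configPath)) { throw "web.config not found at $configPath" }

# 1. PartnerIdP in <appSettings> must match the partner identity provider exactly
#    (case-sensitive comparison, since the value is compared to the SAML issuer).
[xml]$config = Get-Content -Path $configPath -Raw
$setting = $config.configuration.appSettings.add | Where-Object { $_.key -eq 'PartnerIdP' }
if (-not $setting) {
    Write-Warning 'PartnerIdP is missing from <appSettings>.'
} elseif ($setting.value -cne $ExpectedIdP) {
    Write-Warning "PartnerIdP is '$($setting.value)', expected '$ExpectedIdP'."
} else {
    Write-Output "PartnerIdP OK: $($setting.value)"
}

# 2. The signing certificate (.cer) must sit beside web.config and be within
#    its validity period; an expired certificate breaks assertion validation.
$certs = Get-ChildItem -Path $WebRoot -Filter '*.cer' -File
if (-not $certs) { Write-Warning "No .cer file found in $WebRoot." }
foreach ($file in $certs) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file.FullName
    $now  = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        Write-Warning "$($file.Name): outside validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    } else {
        Write-Output "$($file.Name): $($cert.Subject), thumbprint $($cert.Thumbprint), expires $($cert.NotAfter)"
    }
}
```

Compare the printed thumbprint with the token-signing certificate shown in the ADFS management console to confirm that the copied file is the current signing certificate.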