Documentation


Use this guide to integrate SecureAuth® Identity Platform and enable advanced identity capabilities to your internal applications. 

Prerequisites

  • Visual Studio Identity and Access Tool plug-in for Windows Identity Foundation
  • Your application must be configured for .NET Framework 4.5 or later
  • Valid SSL certificate on the application server (not required, but ensures no end user error messages in the browser)

Identity Platform configuration

  1. Go to the Post Authentication tab. 
  2. In the Post Authentication section, set the Authenticated User Redirect to WS-Federation Assertion
  3. In the SAML Assertion / WS Federation section, set the following: 

    WSFed Reply To/SAML Target URLSet to the URL of the .NET application. 
    WSFed/SAML IssuerSet to the URL (including realm number) of the Identity Platform realm. 
    Signing Cert Serial NumberClick the Select Certificate link to select the appropriate publicly trusted SSL / signing certificate. 
    DomainProvide the domain in order to download the Metadata File to send to the application. 

  4. In the WS-Trust Endpoint Configuration section, click the View and Configure WS-Trust endpoints link. 

    Windows transport endpoint works only if the Identity Platform realm is configured for Windows single-sign on (SSO). For more information, see Windows desktop SSO configuration



    The WS-Trust Host Name and WS-Trust Endpoint Configuration sections appear. 

  5. In the WS-Trust Host Name section, set the Host Name to the fully qualified domain name (FQDN) of the Identity Platform appliance.  For example, secureauth.company.com. 
  6. In the WS-Trust Endpoint Configuration section, select the following check boxes to enable the following Endpoint Paths
    • /2005/usernamemixed
    • /2005/windowstransport
  7. Save your changes. 

Visual Studio configuration

  1. After installing the Identity and Access tool plugin for the Windows Identity Foundation, open the application project. 
  2. Right-click the project and choose Identity and Access Control
  3. Set the following: 

    Enter the path to the STS metadata documentSet to  https://<SecureAuthServerAddress>/<SecureAuthRealmNumber>/FederationMetadata/2007-06/FederationMetadata.xml
    Enter the APP ID URI (realm) of your applicationSet to https://<SecureAuthServerAddress>/<SecureAuthRealmNumber>

  4. Click OK
    The .NET project is now set up to use WS-Federation for federation/SSO. 

Next steps

Test the workflow by going to the URL of your application. From there, you are redirected to the Identity Platform for authentication and then redirected back to the application after a successful log in. 

Tips and warnings

  • To enable Deep Linking for this application, remove the WS-FED Reply from the web.config file in the .NET application that was created.
  • To troubleshoot any issues, verify the Issuer is the same on the Identity Platform as in the web.config file for the .NET application.