https://kb.swivelsecure.com/w/index.php?title=Sentry_SSO_with_ADFS&feed=atom&action=history
Sentry SSO with ADFS - Revision history
2024-03-29T01:16:47Z
Revision history for this page on the wiki
MediaWiki 1.28.0
https://kb.swivelsecure.com/w/index.php?title=Sentry_SSO_with_ADFS&diff=5331&oldid=prev
RWithey: /* Implement Sentry Authentication Selectively */
2020-05-11T08:30:19Z
<p><span dir="auto"><span class="autocomment">Implement Sentry Authentication Selectively</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 08:30, 11 May 2020</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l132" >Line 132:</td>
<td colspan="2" class="diff-lineno">Line 132:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>or to use Sentry for selected relying parties only:</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>or to use Sentry for selected relying parties only:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>  Set-AdfsRelyingPartyTrust -TargetName "Office 365" -ClaimsProviderName "Sentry SSO"</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>  Set-AdfsRelyingPartyTrust -TargetName "Office 365" -ClaimsProviderName <ins class="diffchange diffchange-inline">@(</ins>"Sentry SSO"<ins class="diffchange diffchange-inline">)</ins></div></td></tr>
</table>
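Review bot: On the changed Line 132 the example lists "Sentry SSO" as the only entry for -ClaimsProviderName, but nothing next to the command says that this value must match the name of the claims provider trust exactly as it is configured in ADFS. Suggest adding that sentence and pointing readers to Get-AdfsClaimsProviderTrust to look the name up. The @( ) wrapper is fine for consistency with multi-provider lists, though a single quoted string binds to the parameter the same way.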
RWithey
https://kb.swivelsecure.com/w/index.php?title=Sentry_SSO_with_ADFS&diff=5330&oldid=prev
RWithey: /* Implement Sentry Authentication Selectively */
2020-05-11T08:27:22Z
<p><span dir="auto"><span class="autocomment">Implement Sentry Authentication Selectively</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 08:27, 11 May 2020</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l132" >Line 132:</td>
<td colspan="2" class="diff-lineno">Line 132:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>or to use Sentry for selected relying parties only:</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>or to use Sentry for selected relying parties only:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>  Set-AdfsRelyingPartyTrust -TargetName "Office 365" -ClaimsProviderName <del class="diffchange diffchange-inline">@("Swivel Secure",</del>"Sentry SSO"<del class="diffchange diffchange-inline">)</del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>  Set-AdfsRelyingPartyTrust -TargetName "Office 365" -ClaimsProviderName "Sentry SSO"</div></td></tr>
</table>
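Review bot: On Line 132, dropping "Swivel Secure" leaves the relying party with a single claims provider, so the lead-in "or to use Sentry for selected relying parties only:" should state that users of this relying party are sent to Sentry with no other sign-in choice offered. If "Swivel Secure" was removed because no claims provider trust of that name exists, say which name the reader should use instead, i.e. the name given to the Sentry trust in the Claims Provider Trust section.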
RWithey
https://kb.swivelsecure.com/w/index.php?title=Sentry_SSO_with_ADFS&diff=5329&oldid=prev
RWithey: /* Implement Sentry Authentication Selectively */
2020-05-11T08:26:39Z
<p><span dir="auto"><span class="autocomment">Implement Sentry Authentication Selectively</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 08:26, 11 May 2020</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l122" >Line 122:</td>
<td colspan="2" class="diff-lineno">Line 122:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>===Implement Sentry Authentication Selectively===</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>===Implement Sentry Authentication Selectively===</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>If you don't want to use Sentry authentication for all ADFS applications, or in all scenarios, you can use the PowerShell <del class="diffchange diffchange-inline">cmdlet Set-AdfsclaimsProviderTrust </del>to control it. Some examples are given in the following link:</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>If you don't want to use Sentry authentication for all ADFS applications, or in all scenarios, you can use the PowerShell <ins class="diffchange diffchange-inline">cmdlets </ins>to control it. Some examples are given in the following link:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/home-realm-discovery-customization</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/home-realm-discovery-customization</div></td></tr>
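Review bot: The reworded sentence at Line 122 now reads "you can use the PowerShell cmdlets to control it" without naming any cmdlet. Suggest naming the one the example at Line 132 actually uses, Set-AdfsRelyingPartyTrust, rather than leaving the reader to find it behind the Microsoft link.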
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l132" >Line 132:</td>
<td colspan="2" class="diff-lineno">Line 132:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>or to use Sentry for selected relying parties only:</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>or to use Sentry for selected relying parties only:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>  Set-AdfsRelyingPartyTrust -TargetName <del class="diffchange diffchange-inline">MyApp </del>-ClaimsProviderName @("Swivel Secure","Sentry SSO")</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>  Set-AdfsRelyingPartyTrust -TargetName <ins class="diffchange diffchange-inline">"Office 365" </ins>-ClaimsProviderName @("Swivel Secure","Sentry SSO")</div></td></tr>
</table>
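Review bot: On Line 132, "Office 365" is presented as a literal value, but -TargetName has to be the name of the relying party trust as configured on the reader's own ADFS server, which may not be "Office 365". Suggest saying so next to the command and mentioning Get-AdfsRelyingPartyTrust as the way to list the configured names.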
RWithey
https://kb.swivelsecure.com/w/index.php?title=Sentry_SSO_with_ADFS&diff=5328&oldid=prev
RWithey: /* Disable Active Directory authentication */
2020-05-11T08:19:35Z
<p><span dir="auto"><span class="autocomment">Disable Active Directory authentication</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 08:19, 11 May 2020</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l109" >Line 109:</td>
<td colspan="2" class="diff-lineno">Line 109:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>and on the following page, '''Place all certificates in the following store'''. Browse and select '''Trusted Root Certification Authorities'''.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>and on the following page, '''Place all certificates in the following store'''. Browse and select '''Trusted Root Certification Authorities'''.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>===Disable Active Directory <del class="diffchange diffchange-inline">authentication</del>===</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>===Disable Active Directory <ins class="diffchange diffchange-inline">Authentication</ins>===</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>As ADFS is currently configured, you will now have a choice of Active Directory or Swivel authentication. To disable Active Directory authentication:</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>As ADFS is currently configured, you will now have a choice of Active Directory or Swivel authentication. To disable Active Directory authentication:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Edit C:\Windows\ADFS\Microsoft.IdentityServer.Servicehost.exe.config.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Edit C:\Windows\ADFS\Microsoft.IdentityServer.Servicehost.exe.config.</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l119" >Line 119:</td>
<td colspan="2" class="diff-lineno">Line 119:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Search for “<localAuthenticationTypes” and set enabled to “false”.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Search for “<localAuthenticationTypes” and set enabled to “false”.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Restart ADFS.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* Restart ADFS.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">===Implement Sentry Authentication Selectively===</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">If you don't want to use Sentry authentication for all ADFS applications, or in all scenarios, you can use the PowerShell cmdlet Set-AdfsclaimsProviderTrust to control it. Some examples are given in the following link:</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/home-realm-discovery-customization</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">Potentially the most useful scenarios would be to bypass Sentry for intranet login:</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"> Set-AdfsProperties -IntranetUseLocalClaimsProvider $true</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">or to use Sentry for selected relying parties only:</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"> Set-AdfsRelyingPartyTrust -TargetName MyApp -ClaimsProviderName @("Swivel Secure","Sentry SSO")</ins></div></td></tr>
</table>
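Review bot: The added command Set-AdfsProperties -IntranetUseLocalClaimsProvider $true sends intranet sign-ins to the local Active Directory claims provider, yet the context step directly above the new section tells the reader to set enabled to "false" on localAuthenticationTypes. The new section should state whether the intranet bypass still works after that change or whether Active Directory authentication has to stay enabled for it. The introductory sentence also names Set-AdfsclaimsProviderTrust, which neither example uses; name Set-AdfsProperties and Set-AdfsRelyingPartyTrust instead.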
RWithey
https://kb.swivelsecure.com/w/index.php?title=Sentry_SSO_with_ADFS&diff=5322&oldid=prev
Admin at 12:47, 3 April 2020
2020-04-03T12:47:25Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 12:47, 3 April 2020</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:Integration]]</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:Sentry]]</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>=Configuring ADFS Support for Sentry=</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>=Configuring ADFS Support for Sentry=</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>==Introduction==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>==Introduction==</div></td></tr>
</table>
Admin
https://kb.swivelsecure.com/w/index.php?title=Sentry_SSO_with_ADFS&diff=4401&oldid=prev
RWithey: /* Claims Provider Trust */
2018-01-24T13:32:59Z
<p><span dir="auto"><span class="autocomment">Claims Provider Trust</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 13:32, 24 January 2018</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l72" >Line 72:</td>
<td colspan="2" class="diff-lineno">Line 72:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>You will need to edit the properties of this trust:</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>You will need to edit the properties of this trust:</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Under Advanced, Secure hash algorithm must match the signing algorithm for the Sentry certificate. <del class="diffchange diffchange-inline">At the time of writing, certificates generated using the CMI use </del>SHA-<del class="diffchange diffchange-inline">1. However</del>, version <del class="diffchange diffchange-inline">4 (currently in beta) supports </del>SHA-<del class="diffchange diffchange-inline">256</del>.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Under Advanced, Secure hash algorithm must match the signing algorithm for the Sentry certificate. <ins class="diffchange diffchange-inline">Version 4 supports </ins>SHA-<ins class="diffchange diffchange-inline">256</ins>, <ins class="diffchange diffchange-inline">but if you have an older </ins>version <ins class="diffchange diffchange-inline">of Sentry SSO, you must select </ins>SHA-<ins class="diffchange diffchange-inline">1</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>[[Image:Sentry_ADFS_ClaimsProvider_Advanced.png]]</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>[[Image:Sentry_ADFS_ClaimsProvider_Advanced.png]]</div></td></tr>
</table>
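Review bot: The new wording on Line 72 tells readers on an older version of Sentry SSO to select SHA-1 but no longer gives the reason, since the sentence about CMI-generated certificates using SHA-1 was removed. Suggest keeping a short reason, saying how to check the signing algorithm of the Sentry certificate, and recommending SHA-256 wherever the installed version supports it, since SHA-1 is deprecated for signatures.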
RWithey
https://kb.swivelsecure.com/w/index.php?title=Sentry_SSO_with_ADFS&diff=3371&oldid=prev
Admin: 1 revision imported
2017-05-18T09:38:19Z
<p>1 revision imported</p>
<table class="diff diff-contentalign-left" data-mw="interface">
<tr style='vertical-align: top;' lang='en'>
<td colspan='1' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='1' style="background-color: white; color:black; text-align: center;">Revision as of 09:38, 18 May 2017</td>
</tr><tr><td colspan='2' style='text-align: center;' lang='en'><div class="mw-diff-empty">(No difference)</div>
</td></tr></table>
Admin
https://kb.swivelsecure.com/w/index.php?title=Sentry_SSO_with_ADFS&diff=3370&oldid=prev
Rwithey: /* Requirements */
2017-05-15T09:51:55Z
<p><span dir="auto"><span class="autocomment">Requirements</span></span></p>
<p><b>New page</b></p><div>=Configuring ADFS Support for Sentry=<br />
==Introduction==<br />
This article describes how to configure an ADFS server to use Sentry to replace the standard Active Directory authentication. This allows a suitably configured environment to support Swivel authentication for Office 365, for example.<br />
<br />
==Requirements==<br />
<br />
ADFS integration requires version 4.x of Sentry.<br />
<br />
==Configuration Procedure==<br />
===In Swivel Core===<br />
ADFS requires the username to be in the format domain\username. To do this, you need to create a Swivel attribute that includes the prefix.<br />
<br />
In the Swivel admin console, under the repository details for the relevant AD repository, set the domain qualifier to be the short-form domain name, followed by "\" - don't forget the backslash at the end.<br />
<br />
[[File:CoreRepositoryQualifier.png]]<br />
<br />
Under Repository -> Attributes, create an attribute - for example, call it "windowsaccountname". In the definition for the AD repository, put the AD attribute name "sAMAccountName", and under domain qualifier, select "As Prefix".<br />
<br />
[[File:CoreWindowsUsernameAttribute.png]]<br />
<br />
Finally, synchronise the AD repository, to ensure that all users have an attribute in the form domain\username.<br />
<br />
===In Swivel Sentry===<br />
====Edit settings.properties====<br />
NOTE: this step is not usually necessary when using version 4.0.3 or later: the correct settings are chosen automatically for ADFS, and can be overridden in the configuration anyway. This assumes that you have added a domain prefix to the repository, and have created an attribute that uses it.<br />
<br />
This file is located under /home/swivel/.swivel/sentry on an appliance. Check the following entries:<br />
* certificateIssuer – this must be in the form of a valid URI. It is recommended that you use the public URL of Sentry, but it doesn’t have to be a real web location.<br />
* windowsaccountnamefield=username. This configures the Swivel attribute field to be used to import the username for ADFS. If you have configured a prefixed attribute above, use the name of that attribute. Otherwise, use an attribute mapped to sAMAccountName without a prefix, and set the prefix below. This latter option is the only possibility for Swivel version 3.10.5 or earlier.<br />
* windowsdomainprefix=domain. This configures the domain name to be prefixed to the ADFS username. If the attribute above already has a prefix, this should be blank. If not, make sure the “\” is included. Do not set a prefix if your attribute is already prefixed.<br />
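<br />
The three entries above can be checked mechanically, in particular the rule that the domain prefix is applied exactly once. The following Python script is an added example, not part of the original article or of Sentry; it assumes the file holds plain key=value lines that are read literally (no Java escape processing), and the sample values, host name and function names are constructed for illustration.<br />

```python
from urllib.parse import urlsplit

# Constructed sample of the three entries the article says to check.
SAMPLE = """\
# constructed example, not a real appliance file
certificateIssuer=https://sentry.example.com/sentry
windowsaccountnamefield=windowsaccountname
windowsdomainprefix=EXAMPLE\\
"""

def parse_properties(text):
    """Read key=value lines literally (assumption: no escape handling)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def check_adfs_settings(props, attribute_is_prefixed):
    """Return a list of problems. attribute_is_prefixed states whether the
    Swivel attribute named in windowsaccountnamefield already carries the
    domain prefix (set up in Swivel Core with "As Prefix")."""
    problems = []
    issuer = urlsplit(props.get("certificateIssuer", ""))
    if not issuer.scheme or not (issuer.netloc or issuer.path):
        problems.append("certificateIssuer is not a valid URI")
    if not props.get("windowsaccountnamefield"):
        problems.append("windowsaccountnamefield is not set")
    prefix = props.get("windowsdomainprefix", "")
    if attribute_is_prefixed and prefix:
        problems.append("windowsdomainprefix must be blank: attribute is already prefixed")
    if not attribute_is_prefixed and not prefix.endswith("\\"):
        problems.append("windowsdomainprefix must end with a backslash")
    return problems

def effective_username(props, attribute_value):
    """Prefix plus attribute value, as the article describes the ADFS username."""
    return props.get("windowsdomainprefix", "") + attribute_value

if __name__ == "__main__":
    props = parse_properties(SAMPLE)
    print(check_adfs_settings(props, attribute_is_prefixed=True))
    print(effective_username(props, "EXAMPLE\\jsmith"))
```

With the constructed sample, a prefixed attribute combined with a non-blank windowsdomainprefix is reported as a problem, because the resulting username would carry the domain twice.<br />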
<br />
====Application settings====<br />
In the Sentry admin console, create a new application with the following settings:<br />
* Service Provider = ADFS<br />
* Endpoint URL = <nowiki>https://<ADFS_HOST>/adfs/ls/</nowiki><br />
* Entity ID = <nowiki>http://<ADFS_HOST>/adfs/services/trust</nowiki><br />
Replace <ADFS_HOST> with the public host name of your ADFS server / proxy. Other than that, the format should not be changed: Endpoint URL should have a / on the end, Entity ID should not. Also, note that Entity ID starts with "http", '''NOT''' "https".<br />
<br />
[[Image:adfsApplication.jpg]]<br />
<br />
====Certificates====<br />
Ensure that the certificate you generate for Sentry is current.<br />
<br />
===In ADFS Management===<br />
====Claims Provider Trust====<br />
Create a new Claims provider trust.<br />
<br />
[[Image:Sentry_ADFS_ClaimsProvider1.PNG]]<br />
<br />
If you can import the metadata directly from the Sentry URL, that is simplest, but it may not work, due to SSL handshaking issues. In that case, download the metadata to a file<br />
<br />
[[Image:Sentry_ADFS_Metadata.png]]<br />
<br />
and import the settings from that file.<br />
<br />
Once you have created the new trust, you will be given the opportunity to add claim rules:<br />
<br />
''Claim Rules:''<br />
<br />
Create two rules using the template “Pass Through or Filter an Incoming Claim”, as follows:<br />
<br />
[[Image:Sentry_ADFS_ClaimsProvider2.png]]<br />
<br />
* Incoming claim type = Name ID: it is recommended that you specify the format as Email, and only pass through claims matching your domain suffix.<br />
<br />
[[Image:ClaimsProvider3.png]]<br />
<br />
* Incoming claim type = Windows Account Name. There is no need to specify any other restrictions on this claim rule.<br />
<br />
[[Image:ClaimsProvider4.png]]<br />
<br />
''Settings:''<br />
<br />
You will need to edit the properties of this trust:<br />
* Under Advanced, Secure hash algorithm must match the signing algorithm for the Sentry certificate. At the time of writing, certificates generated using the CMI use SHA-1. However, version 4 (currently in beta) supports SHA-256.<br />
<br />
[[Image:Sentry_ADFS_ClaimsProvider_Advanced.png]]<br />
<br />
* Under Endpoints, there should be two endpoints configured.<br />
<br />
[[Image:Sentry_ADFS_ClaimsProvider_Endpoints.png]]<br />
<br />
If not, create them as follows. If they have been created, check that they match the following. Both are SAML endpoints:<br />
* Endpoint Type = SAML Single Sign-On, Binding = redirect, Trusted URL = https://<sentry_URL>/sentry/saml20endpoint<br />
<br />
[[Image:Sentry_ADFS_ClaimsProvider_Endpoint1.png]]<br />
<br />
* Endpoint Type = SAML Logout, Binding = redirect, Trusted URL = https://<sentry_URL>/sentry/singlelogout, Response URL = https://<sentry_URL>/sentry/singlelogout<br />
<br />
[[Image:Sentry_ADFS_ClaimsProvider_Endpoint2.png]]<br />
<br />
* Under Certificates,<br />
<br />
[[Image:Sentry_ADFS_ClaimsProvider_Certs.png]]<br />
<br />
view the imported certificate,<br />
<br />
[[Image:Sentry_ADFS_ClaimsProvider_Cert_View.png]]<br />
<br />
then click on '''Install Certificate'''.<br />
<br />
[[Image:Sentry_ADFS_ClaimsProvider_Cert_Install1.png]]<br />
<br />
Select '''Local Machine''' on the next page,<br />
<br />
[[Image:Sentry_ADFS_ClaimsProvider_Cert_Install2.png]]<br />
<br />
and on the following page, '''Place all certificates in the following store'''. Browse and select '''Trusted Root Certification Authorities'''.<br />
<br />
===Disable Active Directory authentication===<br />
As ADFS is currently configured, you will now have a choice of Active Directory or Swivel authentication. To disable Active Directory authentication:<br />
* Edit C:\Windows\ADFS\Microsoft.IdentityServer.Servicehost.exe.config.<br />
<br />
Note that you must open your text editor (for example Notepad) as administrator, or you will not be able to save the changes.<br />
<br />
[[Image:Sentry_ADFS_ServiceConfig.png]]<br />
<br />
* Search for “<localAuthenticationTypes” and set enabled to “false”.<br />
* Restart ADFS.</div>
Rwithey