restteam.blogg.se -

We would not recommend leaving any of these tasks in Stage 1 to be done in parallel with any of the tasks after Stage 1. It is important that they are all completed carefully as ADFS integration can be a challenge to troubleshoot!īefore iShare GIS and ADFS are ready to be integrated with each other, the basic installation and configuration of both applications should be complete, and the networking infrastructure configured such that they are visible to one another. Integrating iShare GIS with ADFS requires 7 separate stages. The specific details of the user's group membership determines the user's permissions in iShare GIS.

The user's web browser sends the token back to iShare GIS with details of the user's group membership.

A token is issued by ADFS back to the user's web browser, which includes information that iShare GIS needs to understand about the user - for example what groups it is a member of.

The AD server confirms that the user is authenticated.

ADFS makes an authentication request against the AD server.

The users web browser sends the token to ADFS.

iShare GIS returns a token to the users web browser.

The user visits the iShare GIS website to request access.

In the above diagram, " Service" would refer to iShare GIS. Therefore: The diagram below shows the principle of how a user accessing iShare GIS is authenticated once the ADFS and iShare integration has been completed.

How iShare GIS authenticates against ADFS The subsequent use of iShare GIS is then tailored according to the user permissions determined by that user's role. This integration allows customers using iShare GIS in the Cloud to authenticate their users against an on-premise Active Directory Service, and to provide single sign-on integration for iShare GIS users. This document provides details of how iShare GIS integrates with Active Directory Federated Services (ADFS).