Configure Microsoft Active Directory Federation Services Integration with SAML

Using Security Assertion Markup Language (SAML), a user can use their managed account credentials to sign in to enterprise cloud applications via Single Sign-On (SSO). An Identity Provider (IdP) service provides administrators with a single place to manage all users and cloud applications. You don't have to manage individual user IDs and passwords tied to individual cloud applications for each of your users. An IdP service provides your users with a unified sign-on across all their enterprise cloud applications.

Active Directory Federation Services can be configured to authenticate users stored in an LDAP directory (see Configure AD FS to authenticate users stored in LDAP directories).

These instructions were prepared using Windows Server 2016, though other, recent versions should also work.

There are two parts to this procedure:

  • Part 1: Adding a Relying Party Trust
  • Part 2: Edit Claim Issuance Policy
How to Configure Microsoft Active Directory Federation Services Integration with SAML (Part 1: Adding a Relying Party Trust)
  1. Open Microsoft Active Directory Federation Services Management. The AD FS page is displayed.
  2. From the AD FS node, click Relying Party Trusts.
  3. In the Actions panel, click Add Relying Party Trust. The Add Relying Party Trust Wizard is displayed, at the Welcome step.
  4. Click Start. The Select Data Source step is displayed.
  5. Select Enter data about the relying party manually, and click Next. The Specify Display Name step is displayed.
  6. Enter a display name and click Next. The Configure Certificate step is displayed.
  7. Accept the defaults by clicking Next (the optional token encryption certificate is not used in this procedure). The Configure URL step is displayed.
  8. Select Enable support for the SAML 2.0 WebSSO protocol.
  9. Leaving the wizard open, log in to Acunetix 360:
  • From the sidebar, click Settings, then Single Sign-On. The Single Sign-On page is displayed.
  • Select the Active Directory Federation Services tab.
  • Copy the URL from the SAML 2.0 Service URL field.
  10. Back in the Microsoft AD FS Wizard, paste the URL into the Relying party SAML 2.0 SSO service URL field.
  11. Click Next. The Configure Identifiers step is displayed.
  12. Leaving the wizard open, go to the Active Directory Federation Services tab of Acunetix 360's Single Sign-On page, and copy the URL from the Identifier field.
  13. Back in the Microsoft AD FS Wizard, paste the URL into the Relying party trust identifier field. Click Add, then Next. The Choose Access Control Policy step is displayed.
  14. Select Permit everyone and click Next. The Ready to Add Trust step is displayed. Permit everyone lets every user who can authenticate to AD FS obtain a token for this relying party; to limit sign-in to a defined set of users, choose one of the group-based policies (for example, Permit specific group) instead.
  15. Review your settings, and click Next. The Finish step is displayed.
  16. Click Close.
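The same relying party trust can be created from the AD FS PowerShell module instead of the wizard. The script below is an added example, not part of the Acunetix documentation or product; it performs Part 1 above and also adds the Send LDAP Attributes as Claims rule that Part 2 configures through the wizard, using the claim rule language that template generates. The two URLs are placeholders: the real values come from the SAML 2.0 Service URL and Identifier fields on the Active Directory Federation Services tab of Acunetix 360's Single Sign-On page. Run it on the primary AD FS server as an AD FS administrator.

```powershell
# Added example: provision the Acunetix 360 relying party trust with the ADFS module.
# Equivalent to the Add Relying Party Trust wizard (Part 1) plus the
# "Send LDAP Attributes as Claims" rule (Part 2). Not the vendor's own code.
param(
    [string]$DisplayName = 'Acunetix 360',
    # Placeholder: paste the "SAML 2.0 Service URL" value from Acunetix 360 here.
    [string]$AcsUrl = 'https://<acunetix-360-host>/<saml-2.0-service-url>',
    # Placeholder: paste the "Identifier" value from Acunetix 360 here.
    [string]$Identifier = 'https://<acunetix-360-host>/<identifier>',
    # 'Permit everyone' mirrors the wizard step; use 'Permit specific group'
    # (and edit the policy's group parameter afterwards) to restrict who may sign in.
    [string]$AccessControlPolicy = 'Permit everyone'
)

Import-Module ADFS

# Claim rule language produced by the "Send LDAP Attributes as Claims" template for the
# mapping in Part 2: userPrincipalName -> Name ID, givenName -> Given Name, sn -> Surname.
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Acunetix 360 attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"), query = ";userPrincipalName,givenName,sn;{0}", param = c.Value);
'@

# The assertion consumer endpoint is what "Enable support for the SAML 2.0 WebSSO
# protocol" plus the SSO service URL configure in the wizard (HTTP-POST binding).
$acsEndpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $AcsUrl -Index 0

if (Get-AdfsRelyingPartyTrust -Name $DisplayName) {
    throw "A relying party trust named '$DisplayName' already exists; remove it or choose another display name."
}

Add-AdfsRelyingPartyTrust -Name $DisplayName `
    -Identifier $Identifier `
    -SamlEndpoint $acsEndpoint `
    -AccessControlPolicyName $AccessControlPolicy `
    -IssuanceTransformRules $issuanceRules `
    -SignatureAlgorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

# Show what was created so the identifier, endpoint and policy can be checked
# against the values displayed in Acunetix 360.
Get-AdfsRelyingPartyTrust -Name $DisplayName |
    Select-Object Name, Identifier, AccessControlPolicyName, SignatureAlgorithm,
        @{ n = 'AssertionConsumerUrl'; e = { $_.SamlEndpoints[0].Location } }
```

The SHA-256 signature algorithm is the AD FS 2016 default and is set explicitly only so that the trust does not silently inherit SHA-1 if the script is reused on an older farm. The rule text is exactly what the wizard writes, so the resulting trust looks identical in the management console to one created by hand.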
How to Configure Microsoft Active Directory Federation Services Integration with SAML (Part 2: Edit Claim Issuance Policy)
  1. Open Microsoft Active Directory Federation Services Management. The AD FS page is displayed.
  2. From the AD FS node, click Relying Party Trusts. The Relying Party Trust that you have just created is listed in the central panel.
  3. Right-click the trust and select Edit Claim Issuance Policy. The Edit Claim Issuance Policy dialog box for the trust (Edit Claim Issuance Policy for Acunetix360 in this example) is displayed.
  4. Click Add Rule. The Add Transform Claim Rule Wizard dialog is displayed, open at the Choose Rule Type step.
  5. From the Claim rule template drop-down, select Send LDAP Attributes as Claims.
  6. Click Next. The Configure Claim Rule step is displayed.
  7. In the Claim rule name field, enter a name.
  8. From the Attribute store drop-down, select Active Directory.
  9. In the Mapping of LDAP attributes to outgoing claim types section, select the following attributes from the drop-down lists. Name ID is the SAML subject identifier, so the User-Principal-Name mapping determines which value identifies the user to Acunetix 360; the Given Name and Surname claims carry the user's display details.

  LDAP Attribute         Outgoing Claim Type
  User-Principal-Name    Name ID
  Given-Name             Given Name
  Surname                Surname

  10. Click Finish.
  11. Download the AD FS SAML metadata from https://<server-address>/FederationMetadata/2007-06/FederationMetadata.xml, where <server-address> is the host name of your AD FS server.
  12. Open the downloaded AD FS SAML metadata file, and copy the URL in the entityID attribute of the EntityDescriptor node.
  13. Log in to Acunetix 360, and from the sidebar click Settings, then Single Sign-On. The Single Sign-On page is displayed.
  14. Select the Active Directory Federation Services tab and paste the URL into the IdP Identifier field.
  15. Back in the metadata file, copy the URL from the Location attribute of the SingleSignOnService node (AD FS publishes the same location for the HTTP-Redirect and HTTP-POST bindings).
  16. In Acunetix 360's Single Sign-On page, paste the URL into the SAML 2.0 Endpoint field.
  17. Finally, copy the content of the X509Certificate node under the KeyDescriptor whose use attribute is "signing" in the IDPSSODescriptor section. The metadata also contains a KeyDescriptor with use="encryption"; that certificate cannot validate AD FS signatures and must not be used here.
  18. In Acunetix 360's Single Sign-On page, paste it into the X.509 Certificate field. AD FS renews its token-signing certificate automatically when AutoCertificateRollover is enabled (the default), and the new certificate must be pasted here when that happens or sign-in will fail.
  19. In Acunetix 360's Single Sign-On page, click Save Changes.
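Picking the three values out of FederationMetadata.xml by hand is where mistakes happen most often (the encryption certificate instead of the signing one, or whitespace pasted into the certificate). The script below is an added example, not part of the Acunetix documentation or of AD FS, that extracts the IdP Identifier, SAML 2.0 Endpoint and signing certificate the steps above describe and checks the certificate's validity period. The embedded metadata is a constructed, trimmed document so the script can be read and run offline; the certificate values in it are placeholders, not real certificates. Passing -Server reads the live file from the URL given in step 11 instead.

```powershell
# Added example: extract the Acunetix 360 SSO settings from AD FS federation metadata.
# Not vendor code. $Server is the AD FS host name; without it the constructed sample is used.
param([string]$Server)

# Constructed sample metadata (trimmed to the nodes this script reads). The
# X509Certificate values are placeholders and are not decodable certificates.
$sampleMetadata = @'
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>MIIC...encryption-cert-placeholder...</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>MIIC...signing-cert-placeholder...</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
'@

if ($Server) {
    $metadataUrl = "https://$Server/FederationMetadata/2007-06/FederationMetadata.xml"
    $xmlText = (Invoke-WebRequest -Uri $metadataUrl -UseBasicParsing).Content
} else {
    $xmlText = $sampleMetadata
}
[xml]$md = $xmlText

$ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

# IdP Identifier: the entityID attribute of the root EntityDescriptor (step 12).
$idpIdentifier = $md.SelectSingleNode('/md:EntityDescriptor', $ns).GetAttribute('entityID')

# SAML 2.0 Endpoint: the SingleSignOnService Location (step 15). AD FS publishes the
# same location for HTTP-Redirect and HTTP-POST; the POST entry is selected here.
$ssoUrl = $md.SelectSingleNode(
    "/md:EntityDescriptor/md:IDPSSODescriptor/md:SingleSignOnService[@Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']",
    $ns).GetAttribute('Location')

# X.509 Certificate: only the KeyDescriptor with use="signing" (step 17). Selecting
# by the use attribute is what prevents pasting the encryption certificate by mistake.
$certNode = $md.SelectSingleNode(
    "/md:EntityDescriptor/md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
    $ns)
$signingCertBase64 = $certNode.InnerText -replace '\s', ''   # strip line breaks before pasting

# On real metadata, decode the certificate and warn when it is close to expiry,
# because AD FS rolls its token-signing certificate and Acunetix 360 then needs
# the new value. The constructed placeholder is not decodable, so this is skipped for it.
try {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        [Convert]::FromBase64String($signingCertBase64))
    "Signing certificate: $($cert.Subject), thumbprint $($cert.Thumbprint), valid until $($cert.NotAfter)"
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        Write-Warning 'The AD FS token-signing certificate expires within 30 days; plan to update Acunetix 360.'
    }
} catch {
    Write-Warning 'Certificate value could not be decoded (expected for the constructed sample).'
}

# The three values to paste into the Active Directory Federation Services tab.
[pscustomobject]@{
    'IdP Identifier'    = $idpIdentifier
    'SAML 2.0 Endpoint' = $ssoUrl
    'X.509 Certificate' = $signingCertBase64
}
```

Run it as .\Get-AdfsSsoSettings.ps1 -Server adfs.contoso.com (script name assumed) to read the live metadata; the output object maps one to one onto the three fields in Acunetix 360. Because the XPath is anchored on IDPSSODescriptor and use='signing', it returns the same certificate the console shows under Service > Certificates > Token-signing, which is the quick way to cross-check the thumbprint.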
