Symptom
If you are in our cloud, we would ask you to use the following article.
We want to configure the SAML-integration in the On-Premise version (12.12.+) with our ADFS. Which instructions do we have to follow?
Resolution
- Add a new Relying Party Trust
- Choose the option "Enter data about the relying party manually"
- Choose the "AD FS profile"-option
- Skip the certificate option
- Activate the checkbox "Enable support for the SAML 2.0 SSO service URL" and type the following URL: https://<Your Server-URL>/api/v2/saml/v2/tenant/<Workspace ID>/login
  (Replace the placeholder <Workspace ID> with the workspace ID of your tenant. You can find the workspace ID in the Process Manager Explorer > Help > Workspace information.)
- Add the Server-URL from your configuration.xml as an identifier (note that upper and lower case letters matter)
  Example: https://<Your Server-URL>/api/v2/saml/v2/tenant/<Workspace ID>/metadata
- Create a new outgoing claim rule that sends LDAP attributes as claims. For this purpose, map the following LDAP attributes to outgoing claim types:

  | LDAP Attribute | Outgoing Claim Type |
  | --- | --- |
  | Given Name | first_name |
  | Surname | last_name |
  | E-Mail Addresses | email |
  | SAM-Account-Name | Name ID (from the drop-down menu) |

- Once the configuration on both sides has been completed, you can test the SSO via this URL:
  https://<Your Server-URL>/p/hub
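
The same relying party trust can be created with the AD FS PowerShell cmdlets, which keeps the URLs and claim mapping reviewable in one place. This is an added example, not part of the original article or the vendor's own script. The server URL and trust name are constructed placeholders, and the POST binding and the LDAP attribute names (givenName, sn, mail, sAMAccountName) are assumptions matching the display names used in the steps above.

```powershell
# Added example. Run on the AD FS server in an elevated PowerShell session.
# Constructed placeholders: replace them with your own values.
$ServerUrl   = 'https://signavio.example.internal'  # Server-URL exactly as in configuration.xml (case-sensitive)
$WorkspaceId = '<Workspace ID>'                     # Process Manager Explorer > Help > Workspace information
$TrustName   = 'Signavio Process Manager'           # hypothetical display name for the trust

$Base = "$ServerUrl/api/v2/saml/v2/tenant/$WorkspaceId"

# SAML 2.0 SSO service URL from the steps above, registered as the
# assertion consumer endpoint (POST binding is an assumption).
$Acs = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri "$Base/login"

# Outgoing claim rule: LDAP attributes sent as claims, per the mapping table.
# SAM-Account-Name is issued as the Name ID claim.
$Rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Signavio LDAP attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("first_name", "last_name", "email",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";givenName,sn,mail,sAMAccountName;{0}", param = c.Value);
'@

# Identifier follows the article's example (the /metadata URL).
# Access control (who may sign in) is not covered by the article and is not set here.
Add-AdfsRelyingPartyTrust -Name $TrustName `
    -Identifier "$Base/metadata" `
    -SamlEndpoint $Acs `
    -IssuanceTransformRules $Rules

# Review what was stored before testing the SSO URL.
Get-AdfsRelyingPartyTrust -Name $TrustName |
    Select-Object Name, Identifier, IssuanceTransformRules,
        @{ Name = 'Endpoints'; Expression = { $_.SamlEndpoints.Location } }
```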
Keywords
KBA, BPI-SIG-CA-SEC-SAM, SAML 2.0 for SAP Signavio, How To
Product
SAP Signavio Process Manager all versions; Signavio Process Manager all versions