Configure Active Directory Federation Services with Metric Insights for SAML Auth

This article details how to integrate Metric Insights with Active Directory Federation Services (ADFS) using the SAML protocol on the ADFS side for user auth.

Configuring ADFS

1. Add Relying Party Trust

Access the ADFS Server > AD FS Management

  1. Right-click Relying Party Trusts 
  2. Select Add Relying Party Trust to launch the Add Relying Party Trust Wizard

1.1. Welcome

  1. Choose Claims aware
  2. [Start]

1.2. Select Data Source

  1. Select Enter data about the relying party manually
  2. [Next]

1.3. Specify Display Name

  1. Specify Display Name
  2. [Next]

1.4. Configure Certificates

  1. Click [Next]

NOTE: If you need to configure encryption, it must also be configured on the Metric Insights' side.

1.5. Configure URL

Access the Installation Page for simpleSAML in Metric Insights at https://<hostname>/simplesaml

  1. From the Federation tab, click [Show metadata]
  2. Copy the location URL of HTTP-POST
  3. Select Enable support for the SAML 2.0 SSO Web SSO protocol
  4. Input the URL you copied from metadata
  5. Click [Next]

1.6. Configure URL

  1. Select Enable support for the SAML 2.0 SSO Web SSO protocol
  2. Input the URL you copied from metadata
  3. Click [Next]

1.7. Configure Identifiers

  1. Copy the Relying party trust identifier from the SAML 2.0 SP Metadata page
  2. Paste the identifier to Relying party trust identifier field and [Add]
  3. Click [Next]

1.8. Choose Access Control Policy

  1. If not selected by default, choose Permit everyone
  2. Click [Next]

1.9. Finish

  1. Check Configure claims issuance policy for this application
  2. [Close]

2. Edit Claim Issuance Policy

  1. Right-click the newly-added relying party
  2. Choose Edit Claim Issuance Policy and then click [Add rule]

2.1. Choose Rule Type

  1. Choose Send LDAP Attributes as Claims
  2. Click [Next]

2.2. Configure Claim Rule

  1. Enter Claim rule name
  2. Set Attribute store to "Active Directory"
  3. Map LDAP Attributes
  4. [Finish]

Configuring the Application

  1. Get FederationMetadata.xml from ADFS by using:
    • wget https://dc1.metricinsights.com/FederationMetadata/2007-06/FederationMetadata.xml, where https://dc1.metricinsights.com is the address of the ADFS server
  2. Parse the .xml file:
    1. In the web container, run the following command: /opt/mi/iv/data/bin/mi-saml-config.php --input-file <full path to FederationMetadata.xml> --saml-type adfsv3
    2. The metadata from the response representing the DEFINE section to be copied to the /opt/mi/external_config/saml.php and /opt/mi/external_config/saml20-idp-remote.local.php files
  3. Access Admin > System > System Variables, set SAML_ENABLED to 'Y', and [Commit Changes]. See the screen below.