This guide gives a brief overview of setting up Windows Integrated Authentication for cloud applications.
The miniOrange Single Sign-On (SSO) server lets you log in to your applications without re-entering your credentials once you have authenticated to the Windows domain by logging into a machine joined to the Active Directory (AD) domain. miniOrange achieves this by installing a component on a Windows Server joined to the AD domain that acts as a SAML 2.0 Identity Provider. When a user tries to access a cloud application such as Salesforce, the request is sent to the miniOrange SSO server, which forwards it to the on-premise miniOrange SAML module installed on the Windows machine; the module determines which user is logged in, and SSO is performed based on its response.
Register the HTTP service principal name (SPN) for the domain service account that runs the module, replacing the placeholders with the server FQDN and the account name:
setspn -S HTTP/##Server FQDN## ##Domain Service Account##
For example:
setspn -S HTTP/server.contoso.com CONTOSO\iwauser
Windows Authentication is enabled for the site in IIS under the following configuration section:
system.webServer/security/authentication/windowsAuthentication
| Parameter | Description | Sample Value |
| --- | --- | --- |
| $this->ldap_server_url | Full URL of your LDAP server, with port | http://server.contoso.com:389 |
| $this->ldap_bind_account_dn | Distinguished Name of your LDAP service account | CN=Service User,CN=Users,DC=contoso,DC=com |
| $this->ldap_bind_account_password | Password of your LDAP service account | - |
| $this->search_base | Search base in which to look for users | CN=Users,DC=contoso,DC=com |
| $this->search_filter | Search filter; each ? is replaced with the logged-in username | (\|(userprincipalname=?)(samaccountname=?)) |
| $this->user_attributes | List of attributes to fetch from AD and send in the response | array("givenname", "sn", "mail", "department", "userprincipalname") |
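As an added illustration of how the parameters above fit together (this is not the miniOrange module's own code), the following PHP function resolves the Windows user that IIS authenticated into the AD attributes the SAML response needs. It assumes IIS Windows Authentication exposes the user in REMOTE_USER, that the PHP ldap extension is available, and that the server URL uses the ldap:// scheme; the function name and configuration array are assumptions.

```php
<?php
// Added example, not miniOrange code: resolve the IIS-authenticated Windows
// user in AD using the configuration parameters from the table above.
function lookupWindowsUser(array $cfg): ?array
{
    // IIS Windows Authentication sets REMOTE_USER to "CONTOSO\jdoe" or
    // "jdoe@contoso.com"; strip a DOMAIN\ prefix, keep a UPN as-is.
    $remoteUser = $_SERVER['REMOTE_USER'] ?? '';
    if ($remoteUser === '') {
        return null; // IIS did not authenticate the request: no identity to assert
    }
    $pos      = strrpos($remoteUser, '\\');
    $username = $pos === false ? $remoteUser : substr($remoteUser, $pos + 1);

    // Escape the value before substituting it for each "?" so that a crafted
    // username cannot alter the query (LDAP filter injection).
    $safe   = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    $filter = str_replace('?', $safe, $cfg['search_filter']);

    $conn = ldap_connect($cfg['ldap_server_url']); // assumed ldap:// scheme
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($conn, $cfg['ldap_bind_account_dn'], $cfg['ldap_bind_account_password'])) {
        return null; // service-account bind failed: check the DN and password
    }

    $result  = ldap_search($conn, $cfg['search_base'], $filter, $cfg['user_attributes']);
    $entries = ldap_get_entries($conn, $result);
    ldap_unbind($conn);
    if ($entries['count'] !== 1) {
        return null; // refuse a missing or ambiguous match rather than guessing
    }

    // ldap_get_entries lowercases attribute names; keep the first value of each.
    $user = [];
    foreach ($cfg['user_attributes'] as $attr) {
        $user[$attr] = $entries[0][strtolower($attr)][0] ?? null;
    }
    return $user;
}

$config = [                       // values mirror the sample column above
    'ldap_server_url'            => 'ldap://server.contoso.com:389',
    'ldap_bind_account_dn'       => 'CN=Service User,CN=Users,DC=contoso,DC=com',
    'ldap_bind_account_password' => '<service account password>',
    'search_base'                => 'CN=Users,DC=contoso,DC=com',
    'search_filter'              => '(|(userprincipalname=?)(samaccountname=?))',
    'user_attributes'            => ['givenname', 'sn', 'mail', 'department', 'userprincipalname'],
];
$user = lookupWindowsUser($config); // null means "do not issue a SAML assertion"
```

Because the filter ORs userPrincipalName and sAMAccountName, both REMOTE_USER forms resolve to the same account, and a null result should end the flow without an assertion.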
| Parameter | Value |
| --- | --- |
| ACS URL | `https://<branding>.xecurify.com/moas/broker/login/saml/acs/<CustomerID>`. For example, if the branding set in your miniOrange account is iwatest and the customer ID is 123456, the value is https://iwatest.xecurify.com/moas/broker/login/saml/acs/123456 |
| Issuer | Hostname of the Windows Server, for example https://server.contoso.com |
| Audience | https://login.xecurify.com/moas |
| Parameter | Value |
| --- | --- |
| IDP Entity ID | As set in the previous section under Issuer |
| SAML SSO Login URL | Of the format `http://<hostname-of-server>/saml-xecurify/samlsso.php`. For example, if the FQDN of your Windows Server is server.contoso.com, the value is http://server.contoso.com/saml-xecurify/samlsso.php |
| Audience | https://login.xecurify.com/moas |