Protect Fortified ID apps

Scenario

This use case describes how you configure ADFS to protect an Fortified ID application. We will use the Fortified ID application Portal as the example application.

We will use Microsoft Active Directory as user store.

Prerequisite

Windows server 2019 or later
Microsoft Active Directory Make sure you have a test user, Bobby Clarke, created with following LDAP attribute:
- Bobby Clarke (displayName)
- bobbyc (sAMAccountName)
- bobby.clarke@fortifiedid.se (mail)
- carLicense attribut with values AWS; Zoom; Office 365; Citrix and ServiceNow
Microsoft ADFS added as service
FortifiedID Portal installed
For convenience all product run on the same machine so localhost can be used. If you have several servers you need to change localhost to the server name of the different servers.

Configuration of use case environment

Download and add configuration

Remember that this use case does not describe installation of the products. Products are expected to be installed in advanced.

Download ZIP containing configuration for Portal
Add Integrity Portal configuration to your environment.
1. Add the customer_Portal folder to you \..\fortifiedid\portal\ folder. Rename the existing customer folder to customer_ORG and rename the added one to \customer.

Update the configuration to map your environment

The downloaded folders contains all information needed. For example, a test certificate and metadata files are included and configured to work with the example applications. However, some data needs to be changed to map your environment. You need to update the LDAP data to map your environment. Since this example was done on a Windows server you might need to update file paths if you run something else. Also the http ports might need to be changed if they are not available in your environment.

To make it easy both application folders have a file called globals.json that contains the data you need to change. Config.json uses the variables in globals.json.

Open globals.json for \..\fortifiedid\portal\config and update:
1. LDAP data to map you environment
2. File paths
3. HTTPS if needed for Portal. It is already configured with a self sign certificate.
When updated go to services and start Start Fortified ID Portal service.
Verify server.log file that service running without errors.

Important notes for this use case

Fortified ID Portal access ADFS over HTTPS. This means that Portal to use a certificate for both HTTPS traffic and SAML singing. In this use case we have added self signed certificates, if they have expired depending when you run the use case, you might need to update them.

Configuration of ADFS and Fortified ID Portal

ADFS and Fortified ID Portal needs to be individual configured with meta data exchange for example.

Change metadata URL for ADFS in config.json

Metadata for ADFS is read by Portal by ADFS metadata URL.

Open Windows Explorer
Open folder C:\Program Files\FortifiedID\portal\customer\config\
Open file config.json
Go to line 52, see line below "url": "https://ec2amaz-cp7sf2p.company.local/FederationMetadata/2007-06/FederationMetadata.xml"
Change ec2amaz-cp7sf2p.company.local to the server path of your environment. Tips! You can try the path in a browser to verify connection. It should download the XML if successful.
Save and restart the Portal service.

Extract metadata from Fortified ID Portal

We extract the metadata file from Fortified ID Portal to provide for ADFS to trust and find the Fortified ID Portal.

Make sure the Fortified ID Portal service is started
Open Windows Explorer
Open folder: C:\Program Files\FortifiedID\portal\customer\config\resources_internal\saml_sp_metadata
Copy the sp_portal.xml to a folder on your desktop for example. Note. sp_portal is generated and created during startup of Portal service.

Add Fortified ID Portal as a Relying Party Trust in ADFS

Open ADFS tool
Right click Relying Party Trust
Click Add Relying Party Trust...
Click Start
Click Import data about the relying party from a file
Click Browse and select the previous section copied sp_portal.xml file
Click Next
Give the party a name, for example Fortified ID Portal, and click Next
Click Permit everyone and click Next
Click tabs and verify that for example Endpoint tab has data about Portal, click Next
Click Finish

Add Claim Issuance to Portal Relying Party

Open ADFS tool
Click Relying Party Trust
Right click the Fortified ID Portal relying trust you just created and click Edit Claim Issuance Policy...
Click Add Rule...
Click Ok to close

Test Fortified ID Portal with ADFS

Now all configuration is done. It is time to test.

Start services

Verify in services that Fortified ID Portal service and Active Directory Federation Services service are started.

Open a browser. Tips is to use Google Chrome together with the SAML Tracer extension.
You should end up to the ADFS login page since ADFS is the SAML IdP.
1. Login as company\bobbyc (change to your domain name) and password
After successfully logged in you should end up back at Fortified ID Portal

PreviousADFS NextInstall and configure Fortified ID ADFS adapter for Siths eID

Last updated 1 year ago

Protect Fortified ID apps

Scenario

This use case describes how you configure ADFS to protect an Fortified ID application. We will use the Fortified ID application Portal as the example application.

We will use Microsoft Active Directory as user store.

Prerequisite

Windows server 2019 or later
Microsoft Active Directory Make sure you have a test user, Bobby Clarke, created with following LDAP attribute:
- Bobby Clarke (displayName)
- bobbyc (sAMAccountName)
- bobby.clarke@fortifiedid.se (mail)
- carLicense attribut with values AWS; Zoom; Office 365; Citrix and ServiceNow
Microsoft ADFS added as service
FortifiedID Portal installed
For convenience all product run on the same machine so localhost can be used. If you have several servers you need to change localhost to the server name of the different servers.

Configuration of use case environment

Download and add configuration

Remember that this use case does not describe installation of the products. Products are expected to be installed in advanced.

Download ZIP containing configuration for Portal
1. Click to download customer folders for Portal.
Add Integrity Portal configuration to your environment.
1. Add the customer_Portal folder to you \..\fortifiedid\portal\ folder. Rename the existing customer folder to customer_ORG and rename the added one to \customer.

Update the configuration to map your environment

To make it easy both application folders have a file called globals.json that contains the data you need to change. Config.json uses the variables in globals.json.

Open globals.json for \..\fortifiedid\portal\config and update:
1. LDAP data to map you environment
2. File paths
3. HTTPS if needed for Portal. It is already configured with a self sign certificate.
When updated go to services and start Start Fortified ID Portal service.
Verify server.log file that service running without errors.

Important notes for this use case

Configuration of ADFS and Fortified ID Portal

ADFS and Fortified ID Portal needs to be individual configured with meta data exchange for example.

Change metadata URL for ADFS in config.json

Metadata for ADFS is read by Portal by ADFS metadata URL.

Open Windows Explorer
Open folder C:\Program Files\FortifiedID\portal\customer\config\
Open file config.json
Go to line 52, see line below "url": "https://ec2amaz-cp7sf2p.company.local/FederationMetadata/2007-06/FederationMetadata.xml"
Change ec2amaz-cp7sf2p.company.local to the server path of your environment. Tips! You can try the path in a browser to verify connection. It should download the XML if successful.
Save and restart the Portal service.

Extract metadata from Fortified ID Portal

We extract the metadata file from Fortified ID Portal to provide for ADFS to trust and find the Fortified ID Portal.

Make sure the Fortified ID Portal service is started
Open Windows Explorer
Open folder: C:\Program Files\FortifiedID\portal\customer\config\resources_internal\saml_sp_metadata
Copy the sp_portal.xml to a folder on your desktop for example. Note. sp_portal is generated and created during startup of Portal service.

Add Fortified ID Portal as a Relying Party Trust in ADFS

Open ADFS tool
Right click Relying Party Trust
Click Add Relying Party Trust...
Click Start
Click Import data about the relying party from a file
Click Browse and select the previous section copied sp_portal.xml file
Click Next
Give the party a name, for example Fortified ID Portal, and click Next
Click Permit everyone and click Next
Click tabs and verify that for example Endpoint tab has data about Portal, click Next
Click Finish

Add Claim Issuance to Portal Relying Party

Open ADFS tool
Click Relying Party Trust
Right click the Fortified ID Portal relying trust you just created and click Edit Claim Issuance Policy...
Click Add Rule...
Create a rule called NameID and looks like below
Create a rule called Assertion attributes and looks like below
Result should look like:
Click Ok to close

Test Fortified ID Portal with ADFS

Now all configuration is done. It is time to test.

Start services

Verify in services that Fortified ID Portal service and Active Directory Federation Services service are started.

Open a browser. Tips is to use Google Chrome together with the SAML Tracer extension.
Browse to which is the SAML SP.
You should end up to the ADFS login page since ADFS is the SAML IdP.
1. Login as company\bobbyc (change to your domain name) and password
After successfully logged in you should end up back at Fortified ID Portal

PreviousADFS NextInstall and configure Fortified ID ADFS adapter for Siths eID

Last updated 1 year ago

Scenario

Prerequisite

Configuration of use case environment

Download and add configuration

Update the configuration to map your environment

Important notes for this use case

Configuration of ADFS and Fortified ID Portal

Change metadata URL for ADFS in config.json

Extract metadata from Fortified ID Portal

Add Fortified ID Portal as a Relying Party Trust in ADFS

Add Claim Issuance to Portal Relying Party

Test Fortified ID Portal with ADFS

Start services

Login to Portal

Scenario

Prerequisite

Configuration of use case environment

Download and add configuration

Update the configuration to map your environment

Important notes for this use case

Configuration of ADFS and Fortified ID Portal

Change metadata URL for ADFS in config.json

Extract metadata from Fortified ID Portal

Add Fortified ID Portal as a Relying Party Trust in ADFS

Add Claim Issuance to Portal Relying Party

Test Fortified ID Portal with ADFS

Start services

Login to Portal