Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Configuring an Active Directory Federation Services Relying Party for use with Socialcast Single Sign On (2035246)

Purpose

This article provides information on configuring Relying Party in the Active Directory Federation Services (ADFS) 2.0 Management tool.

Resolution

Creating Relying Party

To create a Relying Party:

  1. Open the ADFS 2.0 Management Tool.
  2. Navigate to Trust Relationships > Relying Party Trusts.
  3. In the Actions panel, click Add Relying Party Trust to start the wizard.
  4. For Select Data Source, select the Import data about the relying party from a file option and select the metadata file that was provided from Socialcast or downloaded from Ping Federate.
  5. Enter a name in the Display name file.
  6. Select Permit all users to access this relying party in the Choose Issuance Authorization Rules step.
  7. Click Next to add the Relying Party Trust.

Editing Claim Rules

To be able to add user attributes from Active Directory to a Claim, at least one rule needs to be defined. To edit a rule, right-click the Socialcast Relying Party Trust and click Edit Claim Rules.

Issuance Transform Rules

To configure issuance transform rules:

  1. Click Add Rule.
  2. Select the Send LDAP Attributes as Claims rule template.
  3. Set the claim rule name to Get attributes.
  4. Set the Attribute store to Active Directory.
  5. In the screen that appears, select the mappings described in the following table:

    Note: Triple-click each dropdown to select from the available list.

    LDAP Attribute Outgoing Claim Type
    E-Mail-Addresses E-Mail address
    Given-Name Given name
    Title Role
    Surname Surname
    SAM-Account-Name Name ID
Warning: The LDAP Attribute used for Name ID is the unique identifier of a user in the Socialcast application. If you are using LDAP integration also, this should be the same field that is referenced as either Company Login Field Name in the SCMC dashboard for Socialcast On Premise deployments or the company_login mapping in the ldap.yml file for SaaS and Dedicated Cloud deployments

Issuance Authorization Rules

The Permit All rule that was created during setup of the Relying Party Trust should be listed here. This default rule authorizes all valid domain users access to generating valid tokens for Socialcast. 

If the SSO provisioning option is disabled (enabled by default) while configuring Socialcast and users do not have accounts provisioned on the Socialcast system, access is denied to the community. Otherwise, accounts are provisioned automatically using the user information supplied from the claim. 

If SSO provisioning and user restrictions are both required, it may be necessary to remove the default Permit All rule in this section and replace it with a custom rule that performs the appropriate credential/group checks. For more information on configuring a restriction based on an Active Directory group,see Restrict access to Socialcast SSO using an Active Directory group (2035687).

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 1 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 1 Ratings
Actions
KB: