Configuring an Active Directory Federation Services Relying Party for use with Socialcast Single Sign On (2035246)
This article provides information on configuring a Relying Party in the Active Directory Federation Services (ADFS) 2.0 Management tool.
Creating Relying Party
To create a Relying Party:
- Open the ADFS 2.0 Management Tool.
- Navigate to Trust Relationships > Relying Party Trusts.
- In the Actions panel, click Add Relying Party Trust to start the wizard.
- For Select Data Source, select the Import data about the relying party from a file option and select the metadata file that was provided from Socialcast or downloaded from Ping Federate.
- Enter a name in the Display name field.
- Select Permit all users to access this relying party in the Choose Issuance Authorization Rules step.
- Click Next to add the Relying Party Trust.
Editing Claim Rules
To be able to add user attributes from Active Directory to a Claim, at least one rule needs to be defined. To edit a rule, right-click the Socialcast Relying Party Trust and click Edit Claim Rules.
Issuance Transform Rules
To configure issuance transform rules:
- Click Add Rule.
- Select the Send LDAP Attributes as Claims rule template.
- Set the claim rule name to Get attributes.
- Set the Attribute store to Active Directory.
- In the screen that appears, select the mappings described in the following table:
Note: Triple-click each dropdown to select from the available list.
| LDAP Attribute | Outgoing Claim Type |
| --- | --- |
| E-Mail-Addresses | E-Mail address |
| Given-Name | Given name |
| Title | Role |
| Surname | Surname |
| SAM-Account-Name | Name ID |
Warning: The LDAP Attribute used for Name ID is the unique identifier of a user in the Socialcast application. If you are also using LDAP integration, this should be the same field that is referenced as either Company Login Field Name in the SCMC dashboard for Socialcast On Premise deployments or the company_login mapping in the ldap.yml file for SaaS and Dedicated Cloud deployments.
Issuance Authorization Rules
The Permit All rule that was created during setup of the Relying Party Trust should be listed here. This default rule authorizes all valid domain users to generate valid tokens for Socialcast.
If the SSO provisioning option is disabled (it is enabled by default) while configuring Socialcast and users do not have accounts provisioned on the Socialcast system, access to the community is denied. Otherwise, accounts are provisioned automatically using the user information supplied from the claim.
If SSO provisioning and user restrictions are both required, it may be necessary to remove the default Permit All rule in this section and replace it with a custom rule that performs the appropriate credential/group checks. For more information on configuring a restriction based on an Active Directory group, see Restrict access to Socialcast SSO using an Active Directory group (2035687).
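The wizard steps and claim mappings above can also be applied from the AD FS 2.0 PowerShell snap-in, which keeps the rules reviewable as text and lets you read back what was stored. This is an added example, not part of the original article; the trust name, the metadata path, and the claim type URIs and LDAP attribute names (the identifiers assumed to sit behind the display names in the table) are assumptions to confirm in your environment.

```powershell
# Added example: scripted equivalent of the wizard steps (AD FS 2.0 snap-in).
# $TrustName and $MetadataFile are assumed placeholders; substitute your own.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$TrustName    = 'Socialcast'
$MetadataFile = 'C:\path\to\socialcast-metadata.xml'

# "Send LDAP Attributes as Claims" rule carrying the five mappings from the table.
# The order of the claim types matches the order of the LDAP attributes in the query.
$TransformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Get attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
    types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
             "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
             "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
             "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
             "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
    query = ";mail,givenName,title,sn,sAMAccountName;{0}", param = c.Value);
'@

# Default "Permit all users" issuance authorization rule.
$AuthzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

if (-not (Test-Path -LiteralPath $MetadataFile)) { throw "Metadata file not found: $MetadataFile" }
if (Get-ADFSRelyingPartyTrust -Name $TrustName) { throw "Relying party trust '$TrustName' already exists" }

Add-ADFSRelyingPartyTrust -Name $TrustName -MetadataFile $MetadataFile `
    -IssuanceTransformRules $TransformRules -IssuanceAuthorizationRules $AuthzRules

# Read the trust back and review what was stored.
$rp = Get-ADFSRelyingPartyTrust -Name $TrustName
$rp | Format-List Name, Identifier, Enabled, IssuanceTransformRules, IssuanceAuthorizationRules

# Flag the unrestricted rule so it is a conscious choice when SSO provisioning is enabled.
if ($rp.IssuanceAuthorizationRules -match 'AllowAllAuthzRule') {
    Write-Warning "'$TrustName' permits all users; with SSO provisioning enabled, any valid domain user gets an account."
}
```

Run it on the federation server in an elevated PowerShell session; the read-back output is also a convenient record for change review.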