Getting Started with Identity Broker

Add a Windows Authentication Provider as an Identity Provider

If you installed the Windows Authentication Provider separately, complete the following steps after installation to add it as an Identity Provider in the Identity Broker:

Step 1: Gather information

  1. Open a browser and go to the following URL: <Windows Authentication Provider HOSTNAME>/winauth/showconfig
    Example, using data from Install the Windows Authentication Provider (optional):
    authserver.mycompany.com/winauth/showconfig
  2. From the page that opens, you need the data at IdpReplyUrl, Realm and CertPublicKey.
    [Figure: Endpoint Configuration page of the Windows Authentication Provider]
    This information is needed for the next step.

Step 2: Configure the Windows Authentication Provider in the Identity Broker Management Portal

With the information from Step 1: Gather information, you can configure the Windows Authentication Provider in the Identity Broker.

On the Identity Provider page of the Management Portal, click Add.

  • On the New Provider page that opens, at Type, select Windows Authentication.
  • Specify the following fields:
    • Name: Specify a friendly name for the Provider. This name will only be displayed in the Identity Broker Management Portal.
    • Caption: Specify a caption for the button that is displayed to users when they select how they want to be authenticated. This selection will only be shown if more than one Identity Provider is configured in Identity Broker.
      See Resulting behavior if configured correctly for more information.

      If applicable, the selection screen is displayed between steps 3 and 4 of the Authentication sequence.

    • Provider URL: Specify the host and path where the Windows Authentication Provider is located.
      Example: authserver.mycompany.com/winauth/
      Note that the path after the hostname is case-sensitive and ends with a slash (/).

      This URL is used in steps 4 and 5 of the Authentication sequence.

    • Realm: From the Gather information step, copy the data at Realm.
      Example: urn:idbroker
    • Group/Role filter (optional): Specify an expression that will be used to filter the groups that are returned from the Identity Broker to the Consumer. See Using Group/Role filters for Identity Providers.
    • Signing Certificate (Public Key): From the Gather information step, copy the data at CertPublicKey.
    • Callback Path: From the Gather information step, copy the data at IdpReplyUrl and remove the Identity Broker host. The remaining path is the Callback Path.
      Example:
      If the data at IdpReplyUrl is https://server.mycompany.com/identitybroker/ids/winauth, enter the value /identitybroker/ids/winauth for Callback Path.
      Note that the Callback Path starts with a slash (/) and is case-sensitive.

      The Windows Authentication Provider redirects to this path on the Identity Broker in steps 7 and 8 of the Authentication sequence.
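
The field derivations in Step 2, as an added example (not part of the product or its documentation): a Python helper that turns the three showconfig values into the portal fields and rejects the formatting mistakes the notes above warn about. The function names and the dictionary layout are assumptions, and the CertPublicKey value is a placeholder.

```python
from urllib.parse import urlsplit

def callback_path(idp_reply_url):
    """Remove scheme and host from IdpReplyUrl; the path keeps its case."""
    parts = urlsplit(idp_reply_url.strip())
    if not parts.scheme or not parts.netloc:
        raise ValueError("IdpReplyUrl must include the Identity Broker host")
    if not parts.path.startswith("/"):
        raise ValueError("IdpReplyUrl has no path to use as Callback Path")
    return parts.path

def check_provider_url(provider_url):
    """Provider URL is host plus path, and the path must end with '/'."""
    value = provider_url.strip()
    # The page's example has no scheme, so add '//' for urlsplit to see a host.
    parts = urlsplit(value if "://" in value else "//" + value)
    if not parts.netloc:
        raise ValueError("Provider URL has no host")
    if not parts.path.endswith("/"):
        raise ValueError("Provider URL must end with a slash (/)")
    return value

def portal_fields(showconfig, provider_url):
    """Map showconfig values (hypothetical dict layout) to the Step 2 fields."""
    missing = [k for k in ("IdpReplyUrl", "Realm", "CertPublicKey")
               if not showconfig.get(k, "").strip()]
    if missing:
        raise ValueError("missing from showconfig: " + ", ".join(missing))
    return {
        "Provider URL": check_provider_url(provider_url),
        "Realm": showconfig["Realm"].strip(),
        "Signing Certificate (Public Key)": showconfig["CertPublicKey"].strip(),
        "Callback Path": callback_path(showconfig["IdpReplyUrl"]),
    }

if __name__ == "__main__":
    # Constructed sample built from the page's example values.
    sample = {
        "IdpReplyUrl": "https://server.mycompany.com/identitybroker/ids/winauth",
        "Realm": "urn:idbroker",
        "CertPublicKey": "<CertPublicKey value from showconfig>",  # placeholder
    }
    fields = portal_fields(sample, "authserver.mycompany.com/winauth/")
    for field, value in fields.items():
        print(f"{field}: {value}")
```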

