Getting Started with Identity Broker

This is not the latest version of Identity Director documentation.
View available documentation.

Install the Windows Authentication Provider (optional)

The Windows Authentication Provider is only needed if you want to use Windows Authentication as an Identity Provider.

To set up the Windows Authentication Provider within the same Windows domain as the Identity Broker, select Yes for Run Windows Authentication on this broker in the Identity Broker Setup Wizard (see Install the Identity Broker). This will install the Windows Authentication Provider on the same server as the Identity Broker.
To set up the Windows Authentication Provider on another machine, use the RES Identity Broker WinAuth 10.1.0.0.msi installation file. Follow the Setup Wizard and provide the requested information.

Setup Wizard

1. Specify an installation folder. By default, the Windows Authentication Provider will be installed in C:\Program Files\RES\Identity Broker\WinAuth.
2. In the Configure IIS Binding step, specify the Fully Qualified Domain Name (FQDN, at Hostname) and Port for the Windows Authentication Provider.
   Example: authserver.mycompany.com
   Machines that access Identity Consumers that are configured to use the Windows Authentication Provider to authenticate users, must be able to resolve the FQDN you entered at Hostname.
   Select an installed certificate for the SSL binding of the website. You can select from a list that is populated with computer certificates from the Personal Certificate Store. The certificate must cover the FQDN of the server on which you install the Windows Authentication Provider.
   For test systems, you can use the option Generate Self-Signed Certificate.This test certificate must be installed in the Trusted Root Certification Authorities store of any machine accessing the server. We recommend you do not use self-signed certificates in a production environment.
   For more information: What types of Microsoft IIS Server Certificates can be used with RES web-portal products

   In IIS, the installation creates the RES site and deploys the Windows Authentication Provider as the web application RES > WinAuth:
   

   If the RES site already exists in IIS, the Configure IIS Binding step is skipped: the binding configuration is already in place.

3. In the Configure Identity Broker Access step:
   • Identity Broker Address: Specify the Identity Broker Address you entered in the Configure Other Settings step during installation of the Identity Broker.
     Example: https://server.mycompany.com
   • Unique Callback Path: Specify a unique path that this instance of the Windows Authentication Provider will use to communicate with the Identity Broker. The Unique Callback Path cannot contain spaces or special characters.
     The default value is winauth.

     The Windows Authentication Provider redirects to this path on the Identity Broker in step 7 and 8 of the Authentication sequence (see Authentication sequence).

   • Realm: Specify a unique URN (Uniform Resource Name) for this instance of the Windows Authentication Provider. This URN will be used as part of the validation routine by the Identity Broker.
     The default value is urn:idbroker.

See also

• Prerequisites
• Install the Identity Broker
• Configuration