SSO UMS: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 16: | Line 16: | ||
<br /> | <br /> | ||
== Installation == | ==Installation== | ||
===== Log on Web & ADFS Servers ===== | =====Log on Web & ADFS Servers===== | ||
<br /> | <br /> | ||
===== Open AD FS Management on the primary ADFS Server. ===== | =====Open AD FS Management on the primary ADFS Server.===== | ||
# Retrieve necessary ADFS information from '''"Edit Federation Service Properties"''' | #Retrieve necessary ADFS information from '''"Edit Federation Service Properties"''' | ||
## Name: | ##Name: | ||
## SingleSignOnServiceURL | ##SingleSignOnServiceURL | ||
## | ##[[File:SSO_Federation.png|center|thumb|581x581px]]SingleLogoutServiceURL | ||
# Export token-signing Certificate | #Export token-signing Certificate | ||
## Click on "'''Service'''" > "'''Certificates'''" - Right click on the primary under "'''Token-Signing'''" | ##Click on "'''Service'''" > "'''Certificates'''" - Right click on the primary under "'''Token-Signing'''" | ||
## Click on "'''View Certificate'''" > "'''Details'''" > "'''Copy to File'''" - export without the Private Key > Chose destination of Certificate | ##[[File:SSO_Certificate.png|center|frameless|625x625px]][[File:Export_Certificate_SSO.png|center|thumb|635x635px]]Click on "'''View Certificate'''" > "'''Details'''" > "'''Copy to File'''" - export without the Private Key > Chose destination of Certificate | ||
# Copy files to IIS Server at the desktop for now. | #Copy files to IIS Server at the desktop for now. | ||
<br /> | <br /> | ||
===== Open "Internet Information Services (IIS) Manager" ===== | =====Open "Internet Information Services (IIS) Manager"===== | ||
# Create Selfsigned Certificate | #Create Selfsigned Certificate | ||
## Click on the Server Name on the IIS > "'''Server Certificates'''" > "'''Create Self-Signed Certificate'''" | ##Click on the Server Name on the IIS > "'''Server Certificates'''" > "'''Create Self-Signed Certificate'''" | ||
## Specify a friendly name for the certificate: UMS-SSO <Year> | ##Specify a friendly name for the certificate: UMS-SSO <Year> | ||
## Export the Certificate to the desktop as ums-sso.pfx - '''REMEMBER THE PASSWORD''' | ##Export the Certificate to the desktop as ums-sso.pfx - '''REMEMBER THE PASSWORD''' | ||
# Copy certificates to wwwroot folder (default path: C:\inetpub\wwwroot\bin) | #Copy certificates to wwwroot folder (default path: C:\inetpub\wwwroot\bin) | ||
<br /> | <br /> | ||
===== Log on UMS Web ===== | =====Log on UMS Web===== | ||
# Enter the settings in the Web | #Enter the settings in the Web | ||
## Click on "'''Controlpanel'''" > "'''UMS Login Setup'''" | ##Click on "'''Controlpanel'''" > "'''UMS Login Setup'''" | ||
## Click on "'''Single Sign On'''" | ##Click on "'''Single Sign On'''" | ||
## Click on "'''Add'''" and give it a name. For example SSO | ##Click on "'''Add'''" and give it a name. For example SSO | ||
## Chose the created Single Sign On Setting and press Edit > Edit | ##Chose the created Single Sign On Setting and press Edit > Edit | ||
### Change '''Name''': | ###Change '''Name''': | ||
### Change '''SingleSignOnServiceUrl''' & '''SingleLogoutServiceUrl''' | ###Change '''SingleSignOnServiceUrl''' & '''SingleLogoutServiceUrl''' | ||
### Select Token Certificate file at: '''PartnerCertificateFile''' | ###Select Token Certificate file at: '''PartnerCertificateFile''' | ||
### Select Self-signed Certificate at: '''LocalCertificateFile''' & Password to the PFX in '''LocalCertificatePassword''' | ###Select Self-signed Certificate at: '''LocalCertificateFile''' & Password to the PFX in '''LocalCertificatePassword''' | ||
[[File:UMS_WEB_SSO_Settings.png|center|thumb|582x582px]] | |||
Latest revision as of 09:52, 16 September 2022
Our Single Sign-on (SSO) module is designed for schools that would like to make it easy for employees and students to use the school's various electronic systems. With the SSO module, users get one login and password that logs them into all the associated services at once.
For example, students can Access the school's LMS system, library system, digital dictionaries and databases with scientific publications - all by signing in with SSO once and for all.
This saves time and effort whenever users need to use one of the school's systems. At the same time, it gives users a simpler everyday life because they do not have to worry about having to keep in mind several logins.
Prerequisite
This requires that:
- An installed Active Directory federation services (AD FS) server.
- Access to configuration snap in. Either via Remote PowerShell or directly on the server.
- An UMS installation, licensed to SSO from inLogic.
- A star or new certificate for the address that the AD FS server needs.
Installation
Log on Web & ADFS Servers
Open AD FS Management on the primary ADFS Server.
- Retrieve necessary ADFS information from "Edit Federation Service Properties"
- Name:
- SingleSignOnServiceURL
- SingleLogoutServiceURL
- Export token-signing Certificate
- Click on "Service" > "Certificates" - Right click on the primary under "Token-Signing"
- Click on "View Certificate" > "Details" > "Copy to File" - export without the Private Key > Chose destination of Certificate
- Copy files to IIS Server at the desktop for now.
Open "Internet Information Services (IIS) Manager"
- Create Selfsigned Certificate
- Click on the Server Name on the IIS > "Server Certificates" > "Create Self-Signed Certificate"
- Specify a friendly name for the certificate: UMS-SSO <Year>
- Export the Certificate to the desktop as ums-sso.pfx - REMEMBER THE PASSWORD
- Copy certificates to wwwroot folder (default path: C:\inetpub\wwwroot\bin)
Log on UMS Web
- Enter the settings in the Web
- Click on "Controlpanel" > "UMS Login Setup"
- Click on "Single Sign On"
- Click on "Add" and give it a name. For example SSO
- Chose the created Single Sign On Setting and press Edit > Edit
- Change Name:
- Change SingleSignOnServiceUrl & SingleLogoutServiceUrl
- Select Token Certificate file at: PartnerCertificateFile
- Select Self-signed Certificate at: LocalCertificateFile & Password to the PFX in LocalCertificatePassword