FNMS SAML 2.0 via ADFS

mschwach · ‎Jul 01, 2021

We're trying to establish SAML 2.0 Authentication in our env. with a revers-proxy before the application. So user is accessing revers-proxy to reach application. Now we want also establish SAML 2.0, and somehow we're doing it wrong.

Does anyone have experiences with this constellation?

And on top of that, we're using multi-tenant setup.

and we followed these instructions:
https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/FNMS-SAML-Setup-WebUI-configuration-guide-to-enable-SSO-SAML-in/ta-p/157804

regards,

Matthias

mschwach · ‎Jul 01, 2021

is it a on-premise env? yes it is

emtmeta · ‎Jul 01, 2021

@mschwach

Yes, i have recently integrated FNMS with ADFS for SAML authentication.

Please find the attached document which i got from the following community article.

https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/403-error-when-using-SAML-authentication-through-ADFS/tac-p/190264#M1738

Note : Make sure all the URLs mentioned in the SAML guide you mentioned is correct , as the URLs are case sensitive and failing to follow that may case error.

Regards,

Junaid Vengadan

mschwach · ‎Jul 02, 2021

Hello junaid_vengadan,

thanks a lot for feedback.

Unfortunately, it seems like the document is for Cloud-based System but not for on-premise.

emtmeta · ‎Jul 02, 2021

@mschwach

Yeah the document is for the cloud version .

You need to modify the web.conf along with importing the metadata and certificate ( for offline mode) , you can follow the same steps mentioned in the below article to configure the web.conf

https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Ultimate-SSO-SAML-configuration-guide-in-FlexNet-Manager-Suite/ta-p/157608

Regards,

Junaid Vengadan

abiney · ‎Jul 05, 2021

Hi @mschwach,

@emtmeta is right. Although the document is for the cloud version, the steps are the same.

Please check the URLs as they are case sensitive—for example, the endpoint URL.

'https://hellotest.com/Testing/Checking/SUCCEED to 'https://hellotest.com/Testing/Checking/Succeed'

I hope this help.

Regards,

Albert

mschwach · ‎Jul 05, 2021

Hi @ll,

many thanks for your contributions.

I've tried all variants of your suggested steps. But, without a success.

I also noticed something when reviewing document: "ADFS FNMS SAML 2.0 configuration.docx"

at point 5 - I am unable to do something in the WebUI, because it doesn't give me the option to do so. This might be different on a cloud based solution but it doesn't fit in an on-premise + multi-tenant env.

So I investigated a little further, and now I'm facing another issue, which said that in the URL the TENANT wasn't given.
(Please see screenshot)

emtmeta · ‎Jul 05, 2021

@mschwach

If you are referring to step number 5 that is "Enter the ADFS metadata URL" , you need to add this in web.conf file for FNMS On-Premise version .

if you need more details about configuring the web.conf , please refer the below URL
https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/FNMS-SAML-Setup-WebUI-configuration-guide-to-enable-SSO-SAML-in/ta-p/157804

To make it easy, you need to configure the below in Web.conf ( don't forgot to take backup of original web.conf before you do the changes)

signOn authenticationType from windows to SAML
you also need to change <kentor.authServices> section by referring the above article

Once you completed the web.conf , you also need to change IIS Auth type for Suite .

I recommend you to use the below documentation along with the DFS conf guide that you have , that speak about everting that you need.

https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Ultimate-SSO-SAML-configuration-guide-in-FlexNet-Manager-Suite/ta-p/157608

If you still have the issues after configurations, share the webui logs here or with support.

Regards,

Junaid Vengadan