
FNMS SAML 2.0 via ADFS

We're trying to establish SAML 2.0 authentication in our env. with a reverse proxy in front of the application. So the user is accessing the reverse proxy to reach the application. Now we also want to establish SAML 2.0, and somehow we're doing it wrong.

Does anyone have experience with this constellation?

And on top of that, we're using a multi-tenant setup.

And we followed these instructions:
https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/FNMS-SAML-Setup-WebUI-configuration-guide-to-enable-SSO-SAML-in/ta-p/157804

 

regards,

Matthias

 

(7) Replies
Is it an on-premise env? Yes, it is.

@mschwach 

 

Yes, I have recently integrated FNMS with ADFS for SAML authentication.

 

Please find the attached document, which I got from the following community article.

https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/403-error-when-using-SAML-authentication-through-ADFS/tac-p/190264#M1738 

 

Note: Make sure all the URLs mentioned in the SAML guide you mentioned are correct, as the URLs are case sensitive and failing to follow that may cause an error.

 

Regards,

Junaid Vengadan

Hello junaid_vengadan,

Thanks a lot for the feedback.

Unfortunately, it seems like the document is for a cloud-based system but not for on-premise.

@mschwach

Yeah, the document is for the cloud version.

You need to modify the web.conf along with importing the metadata and certificate (for offline mode). You can follow the same steps mentioned in the article below to configure the web.conf:

https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Ultimate-SSO-SAML-configuration-guide-in-FlexNet-Manager-Suite/ta-p/157608 

 

Regards,

Junaid Vengadan

 

By abiney (Flexera Alumni)

Hi @mschwach,

@emtmeta is right. Although the document is for the cloud version, the steps are the same.

Please check the URLs as they are case sensitive—for example, the endpoint URL.

'https://hellotest.com/Testing/Checking/SUCCEED' to 'https://hellotest.com/Testing/Checking/Succeed'

I hope this helps.

Regards,

Albert

Hi @ll,

Many thanks for your contributions.

I've tried all variants of your suggested steps, but without success.

I also noticed something when reviewing the document "ADFS FNMS SAML 2.0 configuration.docx":

At point 5, I am unable to do something in the WebUI, because it doesn't give me the option to do so. This might be different on a cloud-based solution, but it doesn't fit in an on-premise + multi-tenant env.

So I investigated a little further, and now I'm facing another issue, which said that in the URL the TENANT wasn't given.
(Please see screenshot)


 

 

@mschwach 

 

If you are referring to step number 5, that is, "Enter the ADFS metadata URL", you need to add this in the web.conf file for the FNMS On-Premise version.

If you need more details about configuring the web.conf, please refer to the URL below:
https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/FNMS-SAML-Setup-WebUI-configuration-guide-to-enable-SSO-SAML-in/ta-p/157804 

To make it easy, you need to configure the below in web.conf (don't forget to take a backup of the original web.conf before you make the changes):

  • Change signOn authenticationType from windows to SAML
  • You also need to change the <kentor.authServices> section by referring to the above article

Once you have completed the web.conf, you also need to change the IIS Auth type for Suite.

I recommend you use the documentation below along with the DFS conf guide that you have; it speaks about everything that you need.

https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Ultimate-SSO-SAML-configuration-guide-in-FlexNet-Manager-Suite/ta-p/157608 

If you still have issues after the configuration, share the WebUI logs here or with support.

Regards,

Junaid Vengadan