Registering Common Services in AD FS as an application group

Ops Center Installation and Configuration Guide

Version: 11.0.x
Part Number: MK-99OPS001-23

By registering Common Services in AD FS as an application group, you can transfer authentication for the Hitachi Ops Center Portal to AD FS.

The following settings are also necessary for registering AD FS in Common Services and should be determined in advance:

  • Alias name of AD FS

    The alias name is an identifier that uniquely identifies AD FS in Common Services. You can specify up to 64 characters consisting of halfwidth alphabetic characters (lowercase only), numeric characters, hyphens, and underscores. You cannot change the registered value later.

    Example:
    adfs_oidc_ad5
  • URI of the Web API identifier

    The Web API identifier is an identifier that AD FS uses to uniquely identify Common Services. Although you can specify any valid character string, a good practice is to use a name that is easy to identify (such as the host name of the Common Services management server).

    Example:
    https://common_services_host

  1. Log in to the AD FS server.
  2. Select Start > Windows Administrative Tools > AD FS Management.
  3. From the tree on the left side, select AD FS > Application Groups. In the pane on the right side, click Application Groups > Add Application Group.
  4. In the Welcome window, set the following items, and then click Next:
    • Name: A name of your choice.
    • Template: Select Server application accessing a web API.
  5. In the Server application window, set the following items, and then click Next:
    • Client Identifier: Record this information for when you register AD FS in Common Services.
    • Redirect URI: Specify the host name and port number of the Common Services management server, along with the AD FS alias name:

    https://host-name:port-number/auth/realms/opscenter/broker/alias-name/endpoint

    For alias-name, specify the AD FS alias name that you determined in advance.

  6. In the Configure Application Credentials window, select the Generate a shared secret check box.
    Make a note of the Secret for when you register AD FS in Common Services.
  7. Click Next.
  8. In the Configure Web API window, for Identifier, specify the URI of the Web API identifier that you determined in advance, click Add, and then click Next.
  9. In the Choose Access Control Policy window, specify an access control policy, and then click Next.
  10. In the Configure Application Permissions window, select the following check boxes for Permitted scopes, and then click Next.
    • allatclaims
    • email
    • openid
    • profile
  11. In the Summary window, make sure that the settings are correct, and then click Next.
  12. In the Finish window, click Close.
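
The same registration can be scripted with the AD FS PowerShell cmdlets, which makes the redirect URI and scopes reproducible and reviewable. This is an added example, not part of the Hitachi guide; the host name, port, group name, access control policy, and the use of generated GUIDs as identifiers are assumptions to replace with your own values.

```powershell
# Added example: scripted equivalent of steps 3 to 10 above.
# Run in an elevated PowerShell session on the AD FS server.
$Alias      = 'adfs_oidc_ad5'                  # alias name example from this page
$WebApiId   = 'https://common_services_host'   # Web API identifier example from this page
$CsHost     = 'common-services.example.com'    # assumed: Common Services host name
$CsPort     = 443                              # assumed: Common Services port number
$GroupName  = 'Ops Center Common Services'     # assumed: a name of your choice
$PolicyName = 'Permit everyone'                # assumed: use the policy your organization requires

# The alias cannot be changed after registration, so validate it first:
# up to 64 lowercase letters, digits, hyphens and underscores.
# -cnotmatch is the case-sensitive operator, so uppercase letters are rejected.
if ($Alias -cnotmatch '^[a-z0-9_-]{1,64}$') {
    throw "Invalid AD FS alias name: $Alias"
}

# Redirect URI format from step 5; AD FS compares it with the URI sent at sign-in.
$RedirectUri = "https://${CsHost}:${CsPort}/auth/realms/opscenter/broker/$Alias/endpoint"

# Assumed: GUIDs for the application group identifier and the client identifier.
$GroupId  = [guid]::NewGuid().ToString()
$ClientId = [guid]::NewGuid().ToString()

New-AdfsApplicationGroup -Name $GroupName -ApplicationGroupIdentifier $GroupId

# Server application with a generated shared secret (steps 5 and 6).
$server = Add-AdfsServerApplication -ApplicationGroupIdentifier $GroupId `
    -Name "$GroupName - Server application" -Identifier $ClientId `
    -RedirectUri $RedirectUri -GenerateClientSecret

# Web API and access control policy (steps 8 and 9).
Add-AdfsWebApiApplication -ApplicationGroupIdentifier $GroupId `
    -Name "$GroupName - Web API" -Identifier $WebApiId `
    -AccessControlPolicyName $PolicyName

# Permitted scopes (step 10).
Grant-AdfsApplicationPermission -ClientRoleIdentifier $ClientId `
    -ServerRoleIdentifier $WebApiId `
    -ScopeNames 'allatclaims', 'email', 'openid', 'profile'

# Values to record for registering AD FS in Common Services.
# Keep the secret out of logs and session transcripts.
[pscustomobject]@{
    ClientIdentifier = $ClientId
    Secret           = $server.ClientSecret
    RedirectUri      = $RedirectUri
}
```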