By registering Common Services in AD FS as an application group, you can
transfer authentication for the Hitachi Ops Center Portal to AD FS.
The following settings are also necessary for registering AD FS
in Common Services and should be determined in advance:
- Alias name of AD FS
  The alias name is an identifier that uniquely identifies AD FS in Common
  Services. You can specify up to 64 characters consisting of halfwidth
  alphabetic characters (lowercase only), numeric characters, hyphens, and
  underscores. You cannot change the registered value later.
  Example: adfs_oidc_ad5
- URI of the Web API identifier
  The Web API identifier is an identifier that AD FS uses to uniquely identify
  Common Services. Although you can specify any valid character string, a good
  practice is to use a name that is easy to identify (such as the host name of
  the Common Services management server).
  Example: https://common_services_host
- Log in to the AD FS server.
- Select .
- From the tree on the left side, select . In the pane on the right side, click .
- In the Welcome window, set the following items, and then click Next:
  - Name: A name of your choice.
  - Template: Select Server application accessing a web API.
- In the Server application window, set the following items, and then
  click Next:
  - Client Identifier: Record this information for when you register
    AD FS in Common Services.
  - Redirect URI: Specify the host name and port number of the Common Services
    management server, along with the AD FS alias name:
    https://host-name:port-number/auth/realms/opscenter/broker/alias-name/endpoint
    For alias-name, specify the AD FS alias name that you determined in advance.
- In the Configure Application Credentials window, select the Generate
  a shared secret check box.
  Make a note of the Secret, for when you register AD FS in Common
  Services.
- Click Next.
- In the Configure Web API window, for Identifier, specify the URI of
  the Web API identifier that you determined in advance, click
  Add, and then click Next.
- In the Choose Access Control Policy window, specify an access control policy,
  and then click Next.
- In the Configure Application Permissions window, select the following check
  boxes for Permitted scopes, and then click Next:
  - allatclaims
  - email
  - openid
  - profile
- In the Summary window, make sure that the settings are correct, and
  then click Next.
- In the Finish window, click Close.
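
Because the alias cannot be changed after registration and the Redirect URI embeds it, both values are worth checking before they are entered. The following Python is an added example, not part of the Hitachi documentation; the function names, the host name pattern and the sample host and port used with it are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the host is a DNS name or IPv4 literal (IPv6 brackets are not handled).
HOST_RE = re.compile(r"[A-Za-z0-9._-]+")
# Path portion of the Redirect URI format given in the procedure above.
PATH_TEMPLATE = "/auth/realms/opscenter/broker/{alias}/endpoint"


def alias_problems(alias):
    """Return the reasons an alias breaks the rule on this page (empty list = valid)."""
    problems = []
    if not 1 <= len(alias) <= 64:
        problems.append("length must be 1-64 characters")
    # Halfwidth lowercase letters, digits, hyphen and underscore only.
    bad = sorted({ch for ch in alias if not re.fullmatch(r"[a-z0-9_-]", ch)})
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    return problems


def build_redirect_uri(host, port, alias):
    """Build the Redirect URI for the Server application window."""
    problems = alias_problems(alias)
    if problems:
        raise ValueError("invalid alias: " + "; ".join(problems))
    if not HOST_RE.fullmatch(host):
        raise ValueError("invalid host name: %r" % host)
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range: %r" % port)
    return "https://%s:%d%s" % (host, int(port), PATH_TEMPLATE.format(alias=alias))


def redirect_uri_mismatches(registered, host, port, alias):
    """Compare a URI copied back from AD FS with the expected one, field by field."""
    expected = urlsplit(build_redirect_uri(host, port, alias))
    actual = urlsplit(registered.strip())
    issues = []
    if actual.scheme != "https":
        issues.append("scheme is %r, expected 'https'" % actual.scheme)
    if (actual.hostname or "") != expected.hostname:
        issues.append("host is %r, expected %r" % (actual.hostname, expected.hostname))
    if actual.port != expected.port:
        issues.append("port is %r, expected %r" % (actual.port, expected.port))
    if actual.path != expected.path:
        issues.append("path is %r, expected %r" % (actual.path, expected.path))
    if actual.query or actual.fragment:
        issues.append("unexpected query string or fragment")
    return issues
```

Calling `redirect_uri_mismatches` with the value copied from the AD FS application group and the alias planned for Common Services lists every field that differs, including a hyphen typed where the alias has an underscore.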