Use the following workflow to specify settings for AD FS. The steps depend on the protocol to be used:
- If you want to use OIDC:
  - Register Common Services in AD FS as an application group.
  - Set up an issuance transform rule for AD FS.
  - Check the OpenID Connect Discovery endpoint of AD FS.
  - Register AD FS with Common Services.
  - Log in to the Hitachi Ops Center Portal as an identity provider user.
- If you want to use SAML:
  - Check the AD FS metadata endpoint.
  - Register AD FS with Common Services.
  - Export Common Services metadata.
  - Register Common Services in AD FS as a relying party.
  - Set up a claim issuance policy.
  - Log in to the Hitachi Ops Center Portal as an identity provider user.
Before using Common Services to specify settings to link with the identity provider, you must finish installing and configuring AD FS.
To link with AD FS, you must specify SSL communication settings in advance for the route from Common Services to the AD FS server. For details, see Configuring SSL communications.
Note: If you are using a host name for the Common Services access URL, the host name of the management server must be resolvable by the identity provider server.
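For the OIDC step "Check the OpenID Connect Discovery endpoint of AD FS", the following added example (not part of the original documentation or of any Hitachi tooling) shows one way to sanity-check a saved copy of the discovery document before registering AD FS with Common Services. Assumptions: the host `adfs.example.com`, the sample document, the function name `check_discovery`, and the choice of fields to verify are all constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of an AD FS discovery document (placeholder host).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://adfs.example.com/adfs",
    "authorization_endpoint": "https://adfs.example.com/adfs/oauth2/authorize/",
    "token_endpoint": "https://adfs.example.com/adfs/oauth2/token/",
    "jwks_uri": "https://adfs.example.com/adfs/discovery/keys",
})

# Fields assumed to matter for registration (an assumption of this example).
REQUIRED_URLS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def check_discovery(raw, expected_host):
    """Return a list of problems found in an OIDC discovery document.

    raw           -- the document body as text, e.g. saved from the endpoint
    expected_host -- the AD FS host name that was set up for SSL communication
    """
    try:
        doc = json.loads(raw)
    except ValueError as exc:
        # An HTML error page or a proxy login page ends up here.
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top-level value is not a JSON object"]
    problems = []
    for key in REQUIRED_URLS:
        value = doc.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key}: missing")
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append(f"{key}: not HTTPS ({value})")
        # A different host would not match the certificate trusted for AD FS.
        if (url.hostname or "").lower() != expected_host.lower():
            problems.append(f"{key}: host {url.hostname!r} is not {expected_host!r}")
    return problems


if __name__ == "__main__":
    for line in check_discovery(SAMPLE_DISCOVERY, "adfs.example.com") or ["OK"]:
        print(line)
```

An empty result means every listed endpoint uses HTTPS on the expected AD FS host; any reported line should be resolved in AD FS before the registration step.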