Configuring Kudos® to Use Your ADFS:
- Go to ⚙️ > Account > Integrations > SSO
- Enter your Sign On URL (Identity Provider Endpoint)
- Enter your x.509 certificate
- Choose a logout URL (i.e., where your users go after logging out). Use your Kudos® platform URL if you are using SharePoint.
- Enter your Kudos® platform URL (enter the subdomain only, see example below)
- Click Save.
To configure your organization's servers, please follow these steps:
- Enable support for the SAML 2.0 WebSSO and add your custom Kudos® platform URL (e.g., companyname.kudosnow.com)
- The relying party trust identifier URL is your Kudos® platform URL followed by /saml (e.g., https://companyname.kudosnow.com/saml)
- Permit/deny all user access based on requirements.
- Click Finish
- Open the properties for the newly created Relying Party Trust
- Go to the Advanced tab, select SHA-1 for Secure Hash Algorithm
- Select Edit Claim Rules for the new trust
- Add the rule "Send LDAP attributes as Claims"
- Select the LDAP attribute from the Attribute Store containing an email for a user. Map this to an outgoing claim type of E-Mail Address
- Create a second rule called NameIdPolicy
- Select ‘Send claims using a custom rule’ and paste in the following text:
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    Issuer = c.Issuer,
    OriginalIssuer = c.OriginalIssuer,
    Value = c.Value,
    ValueType = c.ValueType,
    Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
- Set your Sign On URL to https://login.yourcompanyname.com/adfs/ls
Additional requirements:
- The x.509 certificate must include the 'BEGIN CERTIFICATE' and 'END CERTIFICATE' lines, with the base64-encoded body formatted into 64-character lines
- If you receive the error "HTTP Error 400: The size of the request headers is too long.", this site provides some troubleshooting: http://blogs.perficient.com/microsoft/2014/03/office-365-ad-fs-authentication-fails-due-to-token-size/
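The certificate formatting requirement above can be checked before pasting. The following is an added example, not Kudos® or ADFS code: it re-wraps a pasted certificate into 64-character PEM lines and rejects a truncated or non-base64 paste. The function names and the sample bytes are assumptions made for illustration; the SHA-256 value is a convenience for comparing against the certificate you exported.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
# Constructed placeholder: a DER SEQUENCE header plus filler bytes, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def _der_total_length(der):
    """Return the total byte length declared by the outer DER SEQUENCE header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE; is this really a certificate?")
    if der[1] < 0x80:                     # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                     # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def normalize_certificate(text):
    """Return (pem, sha256_hex) for a pasted certificate.

    Accepts PEM with any line width, or a bare base64 blob with no
    BEGIN/END lines (hypothetical helper, not part of any product).
    """
    m = PEM_RE.search(text)
    b64 = "".join((m.group(1) if m else text).split())   # drop all whitespace
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from exc
    if _der_total_length(der) != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    clean = base64.b64encode(der).decode()
    body = "\n".join(clean[i:i + 64] for i in range(0, len(clean), 64))
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    return pem, hashlib.sha256(der).hexdigest()


if __name__ == "__main__":
    one_line = base64.b64encode(SAMPLE_DER).decode()     # e.g. a single-line paste
    pem, fingerprint = normalize_certificate(one_line)
    print(pem, end="")
    print("SHA-256:", fingerprint)
```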
We hope this helps! If you have any questions, please post a comment below and one of our friendly team members will be happy to assist you.