sso_authentication

Differences

This shows you the differences between two versions of the page.

sso_authentication [2019/04/18 11:43] lucy
sso_authentication [2019/08/23 15:49] lucy
Line 20: Line 20:
   * ADFS 4.0 (Windows Server 2016)   * ADFS 4.0 (Windows Server 2016)
   * ADFS 5.0 (Windows Server 2019)   * ADFS 5.0 (Windows Server 2019)
 +  * Azure AD (refer to [[sso_azure|this guide]] to have a detailed instructions)
  
 The connection to the AD FS can be configured within the Settings / SSO Configuration:  The connection to the AD FS can be configured within the Settings / SSO Configuration: 
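Review bot: The added Azure AD bullet reads "to have a detailed instructions", which is ungrammatical; suggest "* Azure AD (refer to [[sso_azure|this guide]] for detailed instructions)". The bullet also joins a list whose other entries are AD FS versions, and the sentence right after the list still speaks only of "the connection to the AD FS", so it is unclear whether the steps that follow apply to Azure AD; a separate sentence after the list pointing Azure AD users to the other guide would avoid that.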
Line 68: Line 69:
 ===== Create the Relying Party Trust in AD FS ===== ===== Create the Relying Party Trust in AD FS =====
  
-  * Copy the **Lucy Metadata Endpoint** link аrom the **SSO Configuration** page:+  * Copy the **Lucy Metadata Endpoint** link from the **SSO Configuration** page:
  
 {{ ::sso_metadata_link.png?600 |}} {{ ::sso_metadata_link.png?600 |}}
  
   * On your AD FS server, open the **AD FS Management** console, expand **Trust Relationships** and select the **Relying Party Trusts** node. In the Actions pane, click **Add Relying Party Trust**:   * On your AD FS server, open the **AD FS Management** console, expand **Trust Relationships** and select the **Relying Party Trusts** node. In the Actions pane, click **Add Relying Party Trust**:
 +
 +**Attention** :!: If the Lucy Admin Console is configured on a non-standard port (for example, port 8443, see more [[firewall_security_settings|here]]), then you will need to add **two separate entry of Relying Party Trust** with the identical parameters, but different Federation metadata address (URL): \\
 +The first will be: **https://lucydomain.com/service-provider/endpoint/metadata/lucy-sp** \\
 +Second: **https://lucydomain.com:8443/service-provider/endpoint/metadata/lucy-sp** \\
 +\\
 +In case access to the Lucy Admin Console is limited to a range of IP addresses, you must include an ADFS server in this range.
  
 {{ ::sso_add_relying_party_trust.png?600 |}} {{ ::sso_add_relying_party_trust.png?600 |}}
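Review bot: The **Attention** paragraph is inserted between the bullet ending "click **Add Relying Party Trust**:" and the screenshot that bullet introduces, so the colon now leads into the warning instead of the image; place the paragraph above the bullet or below {{ ::sso_add_relying_party_trust.png?600 |}}. Wording in the same paragraph: "two separate entry of Relying Party Trust" should read "two separate Relying Party Trust entries", "see more [[firewall_security_settings|here]]" gives the link no descriptive text, and "ADFS" in the last added line should match the "AD FS" spelling used in the heading and the bullets. The last line would also be more precise as "the IP address of the AD FS server must be included in this range", since the restriction it refers to is an IP address range.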
Line 158: Line 165:
  
 {{ ::sso_ssl_for_awareness_website.png?600 |}} {{ ::sso_ssl_for_awareness_website.png?600 |}}
 +
 +
 +===== Troubleshooting =====
 +
 +**Issue**: An error occurs when importing a data about the relying party (Lucy Metadata Endpoint URL):
 +
 +{{ ::troubleshooting_metadata_url.png?400 |}}
 +
 +**Solution**: Copy the URL of Lucy Metadata Endpoint from the SSO Configuration page and paste into the address bar in your browser. Rename the downloaded file to "lucy-sp.xml". Use the file to import the data about relying party:
 +
 +{{ ::troubleshooting_metadata_url2.png?400 |}}
 +
 +**Issue**: A blank page is opened after successful login with a single sign-on. \\
 +
 +**Solution**: The time difference between AD FS and Lucy servers can cause an authentication problem. Make sure that the time zone setting is correct on the Advanced Settings page in Lucy.
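Review bot: The second **Solution** names a time difference between the AD FS and Lucy servers as the cause, but the only action it gives is to check the time zone setting on the Advanced Settings page in Lucy; it should also tell the reader to compare the actual clock time on both servers, otherwise a correct time zone with a drifting clock leaves the problem unexplained. In the first entry, "importing a data about the relying party" should read "importing data about the relying party", and "paste into the address bar" is missing its object ("paste it into"). The trailing "\\" after the second **Issue** line is followed by a blank line and can be dropped.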
sso_authentication.txt · Last modified: 2021/03/16 14:36 by lucy