ADFS configuration to Okta RRS feed

  • Question

  • Hi,

    We have configured an SSO application in ADFS 2.0. We can use the application by browsing to the direct URL of the application. But the problem we are facing is that when the client configures the same URL in their Okta dashboard, it redirects to the ADFS sign-in page. The client requires the URLs below to configure the application in the Okta dashboard:

    1. Single sign on URL :
    2. Recipient URL : 
    3. Destination URL:
    4. Audience URI (SP Entity ID) :

    What will be those ??

    Please help. Thanks in advance.

    Wednesday, October 26, 2016 6:20 AM

Answers

  • As @Pierre says, use the metadata.

    e.g.

    entityID:

    <EntityDescriptor ID="_14ca84d3-a20e-492e-aa67-c7caeb3271df" entityID="http://adfs fqdn/adfs/services/trust"

    Single sign on URL:

    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs fqdn/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs fqdn/adfs/ls/"/>

    etc.

    But any half-decent system allows you to import partner metadata so you don't have to do this.

    Sunday, October 30, 2016 7:50 PM
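A worked example of what the accepted answer describes, added here and not part of the original thread: a script that parses an ADFS FederationMetadata.xml document and pulls out the entityID, the SingleSignOnService endpoints, the AssertionConsumerService endpoint and the signing certificate, then maps them onto the four fields the Okta app wizard asks for. The metadata embedded below is a constructed, trimmed stand-in (hostname adfs.example.com, placeholder ID, placeholder certificate bytes, placeholder Signature element) rather than a real ADFS document, and the mapping onto Okta's four fields assumes ADFS is the service-provider side of the Okta integration, which is how the question reads; verify that against your own trust direction before using the values.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed, heavily trimmed stand-in for what
# https://<adfs fqdn>/FederationMetadata/2007-06/FederationMetadata.xml returns.
# Hostname, ID, certificate bytes and the Signature body are placeholders.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    ID="_placeholder-id" entityID="http://adfs.example.com/adfs/services/trust">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo/><SignatureValue/></Signature>
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>AAECAwQFBgcICQ==</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.com/adfs/ls/" index="0" isDefault="true"/>
  </SPSSODescriptor>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.com/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.com/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def cert_fingerprint(b64_der: str) -> str:
    """SHA-256 over the DER bytes of a base64 X509Certificate element."""
    der = base64.b64decode("".join(b64_der.split()))
    return hashlib.sha256(der).hexdigest()


def parse_federation_metadata(xml_text: str, require_signature: bool = True) -> dict:
    """Extract the partner-facing values from a SAML 2.0 EntityDescriptor.

    A present <ds:Signature> is only recorded here, not verified; see the note
    below the block. Rejecting unsigned metadata is the conservative default.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor: %s" % root.tag)
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID")
    signed = root.find("ds:Signature", NS) is not None
    if require_signature and not signed:
        raise ValueError("metadata is not signed; refusing to trust it")

    meta = {"entity_id": entity_id, "signed": signed,
            "sso": {}, "acs": {}, "signing_cert_sha256": []}
    # IdP-side endpoints: where a service provider sends AuthnRequests.
    for svc in root.findall("md:IDPSSODescriptor/md:SingleSignOnService", NS):
        meta["sso"][svc.get("Binding")] = svc.get("Location")
    # SP-side endpoints: where an IdP posts the Response (ADFS uses /adfs/ls/ for both).
    for svc in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS):
        meta["acs"][svc.get("Binding")] = svc.get("Location")
    # Signing certificates, deduplicated by fingerprint so the partner can pin them.
    for kd in root.iter("{%s}KeyDescriptor" % NS["md"]):
        if kd.get("use") != "signing":
            continue
        for cert in kd.iter("{%s}X509Certificate" % NS["ds"]):
            fp = cert_fingerprint(cert.text or "")
            if fp not in meta["signing_cert_sha256"]:
                meta["signing_cert_sha256"].append(fp)
    return meta


def okta_app_fields(meta: dict) -> dict:
    """Map the metadata onto the Okta SAML app wizard fields.

    Assumption: ADFS is the service provider and Okta the identity provider in this
    integration, so all three URLs are the ADFS AssertionConsumerService (the SAML
    Destination attribute and the SubjectConfirmationData Recipient both name the
    ACS URL) and the Audience URI is the ADFS entityID.
    """
    acs = meta["acs"].get(HTTP_POST)
    if acs is None:
        raise ValueError("no HTTP-POST AssertionConsumerService in metadata")
    return {
        "Single sign on URL": acs,
        "Recipient URL": acs,
        "Destination URL": acs,
        "Audience URI (SP Entity ID)": meta["entity_id"],
    }


if __name__ == "__main__":
    parsed = parse_federation_metadata(SAMPLE_METADATA)
    for field, value in okta_app_fields(parsed).items():
        print("%-28s %s" % (field + ":", value))
    print("signing cert sha256:", parsed["signing_cert_sha256"])
```

To run this against a live farm, fetch the document over HTTPS with certificate validation from the host you already trust (urllib.request.urlopen on the /FederationMetadata/2007-06/FederationMetadata.xml URL is enough) and pass the body to parse_federation_metadata. The script only checks that a Signature element exists; it does not validate the XMLDSig, so either verify the signature with a library that supports it or pin the signing certificate fingerprint it prints and compare it with what the ADFS administrator reports out of band. Metadata forwarded as an email attachment or pasted into a ticket should be treated the same way: a wrong entityID or ACS URL in the partner's configuration is the difference between a working trust and assertions being delivered to someone else's endpoint.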

All replies

  • Are you asking what you should enter in the Okta configuration page?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Wednesday, October 26, 2016 1:46 PM
  • Yes, correct. Thanks for the reply.
    Thursday, October 27, 2016 7:52 AM
  • Well, then isn't this more of an Okta question than an ADFS question? But anyway, the list of endpoints is available in the federation metadata: https://<your ADFS FQDN>/FederationMetadata/2007-06/FederationMetadata.xml

    Thursday, October 27, 2016 6:47 PM