Trusted Source V2

Prerequisites:


  • The application in question should already be federated, i.e. it should already exist as a Relying Party on the relevant authentication server.
  • Record which Stack this customer is on and the relevant authentication server. There are two separate methods of authentication, so parts of this process change depending on which authentication domain is in use (Federate365.com or Iamcloud.net).


  • Once the application has been given federated access, TSSO can be configured for it.

        To ensure all records are set up correctly, use the attached Excel sheet when gathering your initial information.

        All information required is listed in the document "TSSO Creator.xlsx".



  1. Create the Relying Party trust on the relevant authentication server (typically the same server the application itself authenticates against).
  2. The Display name for this Relying Party must be “urn:TS:%custname%:%appshortname%” (this value must also be set as the Relying Party identifier, since it is what the smart-link forwarder passes as wtrealm).
  3. Set the Endpoint (POST) to:
    https://%Tenancy_GUID%-%appshortname%-internal.federate365.com
    This hostname is not served directly: it must be created as a CNAME in AWS that forwards to the regional Redirection service (see the AWS steps below). Note which Redirection service applies to this customer, as both AWS records use it:
    “eu-redir.federate365.com” or “us-redir.federate365.com"


          You now need to ensure the following records are set up in AWS.

  1. Head to https://console.aws.amazon.com and sign in.
  2. Then head to Route53 > Hosted Zones.
  3. Click the domain “federate365.com”.

          Now create 2 record sets. Route53 CNAME values are hostnames, so enter the Redirection service as “eu-redir.federate365.com” or “us-redir.federate365.com”, not as a URL. Because the RP endpoint is https://, the Redirection service must present a certificate valid for the new hostname.


          The first record is the Trusted Source RP Endpoint, i.e. the hostname the authentication server POSTs tokens to (step 3 above).

  • Cname = “%Tenancy_GUID%-%appshortname%-internal.federate365.com”
  • Forwarder = [the regional Redirection service chosen in step 3 above]


          The second record is the public entry point users browse to in order to access the application in question.

  • Cname = “%Tenancy_GUID%-%appshortname%.federate365.com”
  • Forwarder = [the regional Redirection service chosen in step 3 above]


          Now create 2 smart-links that use the CNAME entries configured in AWS above.

          Set the smart-links up according to the authentication domain recorded in the prerequisites: the “new world” (Iamcloud.net) and “old world” (Federate365.com / ADFS) forwarders below differ only in the sign-in URL. In every forwarder the WS-Federation action is wa=wsignin1.0 and wtrealm must match the Relying Party identifier exactly.



          First smart-link (the public entry point; sends the user to the Trusted Source RP) =


  • Cname = “%Tenancy_GUID%-%appshortname%.federate365.com”
  • ReDirType = 2 (ensure this is configured on the smart-link forwarding to the TSSO RP.)
  • Forwarder = the sign-in URL whose wtrealm is the Trusted Source RP identifier, urn:TS:%custname%:%appshortname%.

          (Example forwarder for new world/new auth) = https://%tenancyshortname%.iamcloud.net/%appshortname%/p-auth/?wa=wsignin1.0&wtrealm=urn:TS:%custname%:%appshortname%&IACCustid=C00xxxx

          (Example forwarder for old world) = https://us-fed.federate365.com/adfs/ls/?wa=wsignin1.0&wtrealm=urn:TS:%custname%:%appshortname%&iaccustid=C00xxxx


          Second smart-link (the RP endpoint; forwards the signed-in user on to the application in question) =

  • Cname = “%Tenancy_GUID%-%appshortname%-internal.federate365.com”
  • ReDirType = 1 (ensure this is configured on the smart-link forwarding to the federated application RP.)
  • Forwarder = the sign-in URL whose wtrealm is the federated application's own RP identifier, urn:%custname%:%appshortname% (no TS: prefix).

         (Example forwarder for new world/new auth) = https://%tenancyshortname%.iamcloud.net/%appshortname%/p-auth/?wa=wsignin1.0&wtrealm=urn:%custname%:%appshortname%&IACCustid=C00xxxx

         (Example forwarder for old world) = https://us-fed.federate365.com/adfs/ls/?wa=wsignin1.0&wtrealm=urn:%custname%:%appshortname%&iaccustid=C00xxxx

         Once this has been configured, browse to the public smart-link CNAME (the one forwarding to the “urn:TS:%custname%:%appshortname%” realm). After you log in, the authentication server POSTs the token to the -internal endpoint, whose smart-link forwards you on to the federated application's own RP, so you should be redirected to the federated application. If you land on an error page instead, confirm that the wtrealm in each forwarder matches its RP identifier exactly (urn:TS: on the public link, plain urn: on the -internal link), that ReDirType is 2 on the public link and 1 on the -internal link, and that both CNAMEs resolve to the correct regional Redirection service.
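The following POSIX shell helper is an added example and is not part of the original runbook. It renders the two Route53 CNAME records and the two smart-link forwarders for one TSSO setup from the values gathered in TSSO Creator.xlsx, and checks that each smart-link pairs the right CNAME, ReDirType and wtrealm as the steps above describe (public CNAME, ReDirType 2, urn:TS realm; -internal CNAME, ReDirType 1, application realm). Assumptions not stated on the page: the hosted zone ID for federate365.com is supplied by the operator when running aws, the old-world sign-in host is always us-fed.federate365.com as in the example above, and the TTL of 300 is a placeholder.

```shell
#!/bin/sh
# Added example, not part of the original runbook. Renders the two Route53
# CNAME records and the two smart-link forwarders for one TSSO setup and
# checks each smart-link pairs the right CNAME, ReDirType and wtrealm.
# Assumptions not stated on the page: the hosted zone ID is supplied by the
# operator when running aws, the old-world sign-in host is always
# us-fed.federate365.com, and TTL 300 is a placeholder.

# Regional redirection service named in the runbook (eu or us).
tsso_redirector() {
  case "$1" in
    eu) echo "eu-redir.federate365.com" ;;
    us) echo "us-redir.federate365.com" ;;
    *)  echo "unknown region '$1' (expected eu or us)" >&2; return 1 ;;
  esac
}

# Public entry-point host (second Route53 record / first smart-link).
tsso_public_host() { echo "$1-$2.federate365.com"; }
# RP endpoint host the token is POSTed to (first Route53 record / second smart-link).
tsso_internal_host() { echo "$1-$2-internal.federate365.com"; }

# Route53 change batch for both CNAMEs: tsso_change_batch GUID APP REGION
# Feed it to: aws route53 change-resource-record-sets --hosted-zone-id <ID> --change-batch file://batch.json
tsso_change_batch() {
  guid=$1; app=$2
  target=$(tsso_redirector "$3") || return 1
  cat <<EOF
{"Comment":"TSSO records for $guid-$app","Changes":[
 {"Action":"UPSERT","ResourceRecordSet":{"Name":"$(tsso_internal_host "$guid" "$app").","Type":"CNAME","TTL":300,"ResourceRecords":[{"Value":"$target"}]}},
 {"Action":"UPSERT","ResourceRecordSet":{"Name":"$(tsso_public_host "$guid" "$app").","Type":"CNAME","TTL":300,"ResourceRecords":[{"Value":"$target"}]}}
]}
EOF
}

# Smart-link forwarder: tsso_forwarder WORLD CUST APP TENANCYSHORT IACCUSTID REALMPREFIX
#   WORLD is "new" (iamcloud.net p-auth) or "old" (ADFS /adfs/ls/).
#   REALMPREFIX is "TS:" for the Trusted Source RP and "" for the application RP.
tsso_forwarder() {
  world=$1; cust=$2; app=$3; short=$4; custid=$5; prefix=$6
  realm="urn:${prefix}${cust}:${app}"
  case "$world" in
    new) echo "https://$short.iamcloud.net/$app/p-auth/?wa=wsignin1.0&wtrealm=$realm&IACCustid=$custid" ;;
    old) echo "https://us-fed.federate365.com/adfs/ls/?wa=wsignin1.0&wtrealm=$realm&iaccustid=$custid" ;;
    *)   echo "unknown world '$world' (expected new or old)" >&2; return 1 ;;
  esac
}

# Consistency check for one smart-link: tsso_check_smartlink CNAME REDIRTYPE FORWARDER
# Encodes the pairing from the runbook: public CNAME -> ReDirType 2 -> urn:TS realm;
# -internal CNAME -> ReDirType 1 -> the application's own realm; wa must be wsignin1.0.
tsso_check_smartlink() {
  cname=$1; redirtype=$2; fwd=$3
  case "$fwd" in
    *"wa=wsignin1.0"*) ;;
    *) echo "$cname: forwarder must carry wa=wsignin1.0" >&2; return 1 ;;
  esac
  case "$cname" in
    *-internal.federate365.com)
      [ "$redirtype" = 1 ] || { echo "$cname: -internal smart-link needs ReDirType=1" >&2; return 1; }
      case "$fwd" in
        *"wtrealm=urn:TS:"*) echo "$cname: -internal smart-link must forward to the application RP, not urn:TS" >&2; return 1 ;;
      esac ;;
    *.federate365.com)
      [ "$redirtype" = 2 ] || { echo "$cname: public smart-link needs ReDirType=2" >&2; return 1; }
      case "$fwd" in
        *"wtrealm=urn:TS:"*) ;;
        *) echo "$cname: public smart-link must forward to the urn:TS RP" >&2; return 1 ;;
      esac ;;
    *) echo "$cname: not under federate365.com" >&2; return 1 ;;
  esac
}

# Live DNS check once the Route53 change has propagated (needs dig; not run offline).
tsso_verify_dns() {
  expected=$(tsso_redirector "$2") || return 1
  got=$(dig +short CNAME "$1" | sed 's/\.$//')
  [ "$got" = "$expected" ]
}
```

Run tsso_change_batch once per application and pass the JSON to aws route53 change-resource-record-sets with the hosted zone ID of federate365.com; call tsso_check_smartlink with each smart-link's CNAME, ReDirType and forwarder before saving it, and tsso_verify_dns for both hostnames after the records have propagated.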


