Streaming Manager for Enterprise Federation with ADFS

Preconditions

Active Directory and ADFS 2.0 installed (https://www.microsoft.com/en-us/download/details.aspx?id=10909); choose the federation server role during the ADFS installation.

Configuring ADFS 2.0

ADFS configuration wizard

Start the ADFS 2.0 configuration wizard and choose to create a new Federation Service.

Create a new user account for the ADFS service (the service account).

Select deployment type

Specify the Federation Service Name, e.g. align.ustream.tv.

Specify the service account. Use the service user defined in the previous step.

Check the configuration summary.

If all goes well, the wizard ends with a report listing every configuration step as successful, but you may get the following error instead:

To solve this, run the following command at a command prompt (adfssvc being the ADFS service account created earlier):

    setspn -a host/localhost adfssvc

Add relying party trust

Configuring Claim Rules for the Relying Party

In these steps we add the claim rules that put the elements Ustream Align requires but ADFS does not provide by default (e.g. NameID) into the SAML authentication response. If you did not check the box to launch the claim rule dialog when adding the trust, right-click the relying party (in this case align.ustream.tv) and click Edit Claim Rules.

Click Add rule...

Once the new claim rule has been added, it should appear in the rule list.

Adjusting some properties

Additional SAML assertion encryption is not needed when the federation already runs over HTTPS. To turn off SAML encryption, first uncheck the "Automatically update relying party" checkbox on the relying party properties page (otherwise the next metadata update would restore the encryption certificate).

Then remove the encryption certificate on the Encryption tab by clicking the Remove button.

On the Advanced tab, change the secure hash algorithm from SHA-256 to SHA-1.
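The same relying-party steps (the NameID claim rule, no assertion encryption, no automatic metadata update, SHA-1 signatures) can be scripted with the ADFS 2.0 PowerShell snap-in and then verified from the resulting trust object rather than from the wizard's summary. This is an added example, not code from the original article or from Ustream; the relying party identifier align.ustream.tv and the ADFS host come from the page, while the display name, the assertion consumer URL ($AcsUrl) and the choice of the AD mail attribute as the SAML NameID are assumptions to replace with the values your Ustream dashboard gives you.

```powershell
# Added example: script the "Add relying party trust", claim-rule and
# "Adjusting some properties" steps on the ADFS 2.0 federation server.
# Run in an elevated PowerShell on the ADFS server (ADFS 2.0 uses a snap-in;
# on Windows Server 2012 R2 and later use Import-Module ADFS instead).
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$RpName = "Ustream Align"            # display name (assumed, not from the article)
$RpId   = "https://align.ustream.tv" # relying party identifier (host from the article)
$AcsUrl = "https://align.ustream.tv/PLACEHOLDER-ACS-PATH"  # PLACEHOLDER: copy the real
                                                           # assertion consumer URL from the dashboard

# Claim rules in ADFS claim-rule language.
# Rule 1 reads the user's mail attribute from Active Directory.
# Rule 2 re-issues it as the SAML NameID (the element Ustream Align needs and
# ADFS does not send by default), in e-mail address format.
$TransformRules = @'
@RuleName = "Send e-mail address from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleName = "E-mail address as SAML NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Issuance authorization: permit every authenticated user. Restrict this to a
# group claim if only part of the directory should reach Ustream Align.
$AuthzRules = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# SAML assertion consumer endpoint of the service provider (HTTP-POST binding).
$Acs = New-ADFSSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $AcsUrl

if (-not (Get-ADFSRelyingPartyTrust -Name $RpName)) {
    Add-ADFSRelyingPartyTrust -Name $RpName -Identifier $RpId -SamlEndpoint $Acs
}

# "Adjusting some properties":
#  - AutoUpdateEnabled $false : the "Automatically update relying party" checkbox
#  - EncryptClaims $false     : assertions are signed but no longer encrypted
#  - SignatureAlgorithm       : rsa-sha1 instead of the rsa-sha256 default
Set-ADFSRelyingPartyTrust -TargetName $RpName `
    -AutoUpdateEnabled $false `
    -EncryptClaims $false `
    -SignatureAlgorithm "http://www.w3.org/2000/09/xmldsig#rsa-sha1" `
    -IssuanceTransformRules $TransformRules `
    -IssuanceAuthorizationRules $AuthzRules

# Check the stored trust instead of trusting the wizard's summary.
Get-ADFSRelyingPartyTrust -Name $RpName |
    Select-Object Name, Identifier, EncryptClaims, SignatureAlgorithm, AutoUpdateEnabled
```

The final Get-ADFSRelyingPartyTrust call is the check worth keeping: EncryptClaims must read False and SignatureAlgorithm must end in rsa-sha1 before testing a login, and AutoUpdateEnabled must be False or a later metadata refresh silently re-enables encryption.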

Configuring the Ustream Channel

Go to https://www.ustream.tv/dashboard/account/security and fill in the SSO settings as follows.

SP-Initiated Config

SSO type: Service Provider Initiated SSO

Entity ID: your ADFS entity ID, for example http://adfs.ustream.tv/adfs/services/trust

Certificate: the certificate data from the ADFS federation metadata XML (https://adfs.ustream.tv/FederationMetadata/2007-06/FederationMetadata.xml)

Login URL, for example: https://adfs.ustream.tv/adfs/ls/

Logout URL, for example: https://adfs.ustream.tv/adfs/ls/

IdP-Initiated Config

SSO type: Identity Provider Initiated SSO

Entity ID: your ADFS entity ID, for example http://adfs.ustream.tv/adfs/services/trust

Certificate: the certificate data from the ADFS federation metadata XML (https://adfs.ustream.tv/FederationMetadata/2007-06/FederationMetadata.xml)

Login URL, for example: https://adfs.ustream.tv/adfs/ls/IdpInitiatedSignOn.aspx

Logout URL, for example: https://adfs.ustream.tv/adfs/ls/?wa=wsignout1.0
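Both the SP-initiated and the IdP-initiated configuration above take the entity ID and the certificate from the ADFS federation metadata, and copying the wrong KeyDescriptor (or a stale one after certificate rollover) is the usual reason signature validation fails on the Ustream side. The script below reads those values out of the metadata and prints the SHA-1 thumbprint of each signing certificate so it can be matched against the ADFS console. It is an added example, not part of the original article or of Ustream's tooling; the metadata document embedded in it is a constructed sample in the shape of an ADFS 2.0 file with placeholder certificate bytes, so the script runs offline, and the Get-IdpSettingsFromMetadata function name is my own.

```powershell
# Added example: extract the dashboard values from ADFS federation metadata.
# The metadata below is CONSTRUCTED (placeholder certificate bytes, not a real
# X.509 certificate). For a live server load it instead with:
#   $MetadataXml = (New-Object System.Net.WebClient).DownloadString(
#       "https://adfs.ustream.tv/FederationMetadata/2007-06/FederationMetadata.xml")
$FakeCertBase64 = [Convert]::ToBase64String(
    [Text.Encoding]::ASCII.GetBytes("CONSTRUCTED placeholder, not a real certificate"))

$MetadataXml = @"
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://adfs.ustream.tv/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>$FakeCertBase64</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.ustream.tv/adfs/ls/"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.ustream.tv/adfs/ls/"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.ustream.tv/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.ustream.tv/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"@

function Get-IdpSettingsFromMetadata([string]$Xml) {
    [xml]$doc = $Xml
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace("md", "urn:oasis:names:tc:SAML:2.0:metadata")
    $ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")

    $idp = $doc.SelectSingleNode("/md:EntityDescriptor/md:IDPSSODescriptor", $ns)
    if (-not $idp) { throw "No IDPSSODescriptor found in the metadata" }

    # Only the *signing* certificate verifies the assertion signature; an
    # encryption KeyDescriptor, if one is published, is the wrong thing to paste.
    # During token-signing certificate rollover ADFS publishes two signing
    # certificates, so the list can legitimately have more than one entry.
    $certNodes = $idp.SelectNodes("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", $ns)
    $certs = @()
    foreach ($n in $certNodes) {
        $b64 = ($n.InnerText -replace '\s', '')
        $der = [Convert]::FromBase64String($b64)
        # SHA-1 over the DER bytes is the value the ADFS console shows as
        # "Thumbprint", which is the easiest way to confirm the right one was copied.
        $sha1 = [Security.Cryptography.SHA1]::Create().ComputeHash($der)
        $certs += New-Object PSObject -Property @{
            Base64     = $b64
            Thumbprint = ([BitConverter]::ToString($sha1) -replace '-', '')
        }
    }

    $post = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    New-Object PSObject -Property @{
        EntityId            = $doc.DocumentElement.GetAttribute("entityID")
        LoginUrl            = $idp.SelectSingleNode("md:SingleSignOnService[@Binding='$post']", $ns).GetAttribute("Location")
        LogoutUrl           = $idp.SelectSingleNode("md:SingleLogoutService[@Binding='$post']", $ns).GetAttribute("Location")
        SigningCertificates = $certs
    }
}

$settings = Get-IdpSettingsFromMetadata $MetadataXml
$settings | Format-List EntityId, LoginUrl, LogoutUrl
$settings.SigningCertificates | Format-Table Thumbprint
```

EntityId, LoginUrl and LogoutUrl map directly onto the SP-initiated fields; the IdP-initiated URLs (IdpInitiatedSignOn.aspx and ?wa=wsignout1.0) are not part of the SAML metadata and stay as listed above. Because assertion encryption was switched off earlier, the signature checked against this certificate is the only integrity protection on the response, so the dashboard certificate has to be updated whenever the ADFS token-signing certificate rolls over, which ADFS 2.0 does automatically by default.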
