How to

Configure NameID transformation

You need to set up a NameID transformation to let Identify issue the correct NameID as required by the eHerkenning specification: – If a response from the AD to Identify has an ActingSubjectId claim, use it for the subject element […]

How to use the DirectAD on the Identify

Version: 4.2++. When a client wants to use the LDAP transformation as well as LDAP authentication, they need to configure the LDAPWS to use for them. Now they no longer need to set up LDAPWS; they can use their own AD directly […]

How much of C# can I use in the ‘Scripting transformation’

Question: How much of C# can I use in the ‘Scripting transformation’? Answer: You can use all types that are declared in System.dll, System.Linq.dll and System.Web.dll and that (both conditions must be met) have the following namespaces: using System; using System.Collections.Generic; using System.Globalization; using […]

How to set up two factor

I. Second factor authentication connection: You can find the settings for second factor on the editing page of an authentication connection. II. Two factor identities condition: The following setting is used to activate the user which identify the incoming user […]

STS – IssuedTokenSymmetricBasic256Sha256 Endpoint Improvement

Introduction: This is an extension of the Identify*STS endpoint IssuedTokenSymmetricBasic256Sha256 which allows the exchanged token to be run through the authentication connection’s pipeline before issuing another security token. How to do: There is an option on the WS-Trust connection called “Allow […]

How to set Bootstrap Token for ClaimsPrincipal

When Identify receives an assertion from an upstream IdP, it converts the assertion into a ClaimsPrincipal object and passes it into the claim pipeline. By default, the claims principal doesn’t contain the original assertion, which is also called the bootstrap token. […]

How to disable RelayState validation

According to the SAML 2.0 standard, the RelayState’s size must be less than 80 bytes. Because several SAML 2.0 implementations out there have a bad habit of using a long relay state, we implemented a DisableRelayStateSizeValidation switch that you can find in […]

How to customize SOAP bindings

Custom SOAP bindings and behaviors have been supported since previous Identify versions, but they were configured in web.config. You might find it difficult to access the web server and modify the web.config file. From 4.3, it is now possible to customize […]

LoA setting for eHerkenning

Configure Identify system setup to support eID messages: After you create a tenant, log in to the Admin site and navigate to the system setup page, where you need to configure the following settings: Sign metadata: set it to “True”. […]

Use Gmail as your SMTP Server on Identify when it’s using 2-step verification

To enhance security, your Google account may be using 2-factor authentication, also known as 2-step verification. When enabled, you must log in to Gmail with both your password and your phone. This prevents hackers who get your […]