LDAP-WS setup
On the AD server, install the LDAP-WS configurator.
- Create the LDAP-WS with general info like this:
- In its IIS setup, update the info as below:
- In its certificate setup, choose the 2 certificates:
- After the LDAP-WS is created successfully, go to Identify*Admin and open System Setup/LDAP web services:
- Then create an LDAP web service named “ldapwstest” that points to “http://ldapwstest.safewhere.local/LdapCredentialsService.svc”, as below:
- After clicking the “Save” button, you can check whether the connection to the LDAP web service is correct by using the “Test” button.
Claim transformation for LDAP authentication
To convert the AD attributes from the AD server to Identify, we need to create an LDAP transformation named “LDAP transformation” like this:
- For the LDAP-WS service name, choose “ldapwstest”.
- For the LDAP filter, map SAM-Account-Name to the Name claim type.
- Claim mapping: map the AD attribute to the Identify claim type.
LDAP authentication setup
- In Identify*Admin, go to the connection list and create the LDAP authentication like this:
- For the claim transformation, attach the CT “LDAP transformation”.
- For the Identity’s LDAP attribute, choose “SAM-Account-Name”.
- For the LdapWS service name, choose “mbsdkint”.
To avoid the LDAP-WS setup, we can use direct AD instead. See the instructions here.