Abbreviations used in this document
- SSO: Single Sign-On
- ADFS: Active Directory Federation Services
- SAML: Security Assertion Markup Language
- SP: Service Provider; in the context of this document, this is openFIT
- IdP: Identity Provider; in the context of this document, this is the openFIT partner that wishes to integrate with the openFIT application through its SSO
- OF: openFIT application
Introduction
This document explains the SSO integration between OF, acting as the SP, and OF partners, acting as the IdP through their ADFS and SSO implementation. It allows end users to log in to OF seamlessly once they have already logged in to their workstations.
The integration uses the OF "Federation Metadata" endpoint. A partner using this endpoint is expected to send the "Assertions" that the OF application requires in order to log users in seamlessly.
Federation Metadata Endpoint
OF provides two endpoints for partners:
Testing Endpoint
Use this endpoint to carry out a pilot integration with OF. This will provide a safe place to carry out integration and test it until ready to go live.
URL: https://of-internal-ids.azurewebsites.net/FederationMetadata/2007-06/FederationMetaData.xml
Production Endpoint
Once a partner has confidence that the integration works seamlessly and meets expectations, they can move to the production endpoint.
URL: https://ids.openfit.care/FederationMetadata/2007-06/FederationMetaData.xml
Claim Types Required by openFIT
On a basic level, OF requires that the following claims are sent as part of the assertion:
Claim Type | Uri | Description |
---|---|---|
Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | This is used as the username in OF |
UPN | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn | |
Role | http://schemas.microsoft.com/ws/2008/06/identity/claims/role | One of: |
Email Address | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | |
First Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | |
Last Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | |
Table 1 - Claim Types required by OF
Note: In case more information is needed for integration, please contact OF support. An example of integration using ADFS:
Using Federation Metadata to Establish a Relying Party Trust in ADFS 2.0
Provisioning a Partner
To complete the integration and test it, OF needs to provision an account for the partner. To do that, OF needs the partner's Federation Metadata endpoint or document, from which the following information is extracted:
- Name or Id, e.g.: http://adfs-test.groupnos.com/adfs/services/trust
- Single Sign-on Service URL
- Single Logout Service URL
- Sign Authentication Request (Yes / No)
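The example below is added here and is not part of the original article or of OF's own code. It shows, on constructed sample XML with a placeholder partner host, how the four provisioning values listed above are read from a partner's SAML metadata document, and how an assertion's AttributeStatement is checked against the claim URIs of Table 1; the permitted Role values are not given on the page, so only presence of the Role claim is checked.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim URIs from Table 1 (the permitted Role values are not listed on the page).
REQUIRED_CLAIMS = {
    "Name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "UPN": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
    "Role": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
    "Email Address": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "First Name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "Last Name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
}

# Constructed partner metadata with a placeholder host; not a real partner.
PARTNER_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="http://adfs.partner.example/adfs/services/trust">
  <IDPSSODescriptor WantAuthnRequestsSigned="true">
    <SingleLogoutService Location="https://adfs.partner.example/adfs/ls/"/>
    <SingleSignOnService Location="https://adfs.partner.example/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed assertion fragment that omits the Role claim.
SAMPLE_ASSERTION = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <AttributeStatement>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"/>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"/>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
  </AttributeStatement>
</Assertion>"""

def provisioning_fields(metadata_xml):
    """Pull the four values the Provisioning a Partner section asks for."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    def location(tag):
        el = idp.find("md:" + tag, NS)
        return None if el is None else el.get("Location")
    return {"entity_id": root.get("entityID"),
            "sso_url": location("SingleSignOnService"),
            "slo_url": location("SingleLogoutService"),
            "sign_authn_request": idp.get("WantAuthnRequestsSigned", "false") == "true"}

def missing_claims(assertion_xml):
    """Names from Table 1 whose claim URI is absent from the AttributeStatement."""
    present = {a.get("Name") for a in ET.fromstring(assertion_xml).iterfind(".//saml:Attribute", NS)}
    return [n for n, uri in REQUIRED_CLAIMS.items() if uri not in present]
```

Real metadata and assertions are untrusted input: fetch them over TLS, verify their XML signature, and use a hardened XML parser before acting on the extracted values.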