ADFS Integration Troubleshooting - Fluid Topics - 3.7

Fluid Topics Integration Guide

Operating system
RHEL
Category
Reference Guides
Audience
public
Version
3.7

ADFS is known to have a SAML behavior that is not compatible by default with the Fluid Topics SAML layer. All the points detailed in this article must be taken into account to get the integration working.

This topic explains ALL the specific points that must be taken into account to get Fluid Topics to work with an ADFS Identity Provider.

Ensure that Fluid Topics entity ID does not contain a question mark.

If the entity ID contains a question mark, ADFS ignores all characters after it, so the entity ID it uses no longer matches the one Fluid Topics sends. The Fluid Topics entity ID must not contain any question mark.

Do not use the default authentication lifetime.

ADFS requires the maxAuthenticationLifetime property to be set to 8 hours, that is, 28,800 seconds.

Configure ADFS to export the Name ID.

Fluid Topics requires the authenticated user to be identified by a Name ID, but ADFS does not send it by default. For more information about how to do that in the ADFS console, refer to this post and to the conf.json file for ADFS.

Do not set the idPropertyKey attribute in the conf.json file.

If ADFS is the Identity Provider, the conf.json file must not contain the idPropertyKey attribute.
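The three conf.json constraints above (no question mark in the entity ID, maxAuthenticationLifetime of 28,800 seconds, no idPropertyKey) can be checked before deployment. The following script is an added example and not part of the Fluid Topics product; the key name "entityId", the flat top-level layout and the sample file content are assumptions, while "maxAuthenticationLifetime" and "idPropertyKey" are the names this guide uses.

```python
from __future__ import annotations
import json

# Constructed sample conf.json content (NOT the real Fluid Topics file). The
# "entityId" key name and the flat layout are assumptions; the other two keys
# are the names used in this guide. This sample violates all three rules.
SAMPLE_CONF = """
{
  "entityId": "https://docs.example.com/saml/sp?version=1",
  "maxAuthenticationLifetime": 3600,
  "idPropertyKey": "email"
}
"""

ADFS_REQUIRED_LIFETIME = 28800  # 8 hours, as required by ADFS per this guide


def check_adfs_conf(conf: dict) -> list[str]:
    """Return one finding per setting that breaks the ADFS integration.
    An empty list means the configuration passes all three checks."""
    findings = []

    entity_id = conf.get("entityId", "")
    if "?" in entity_id:
        # ADFS drops everything after '?', so the IDs would never match.
        truncated = entity_id.split("?", 1)[0]
        findings.append(
            f"entityId contains '?': ADFS would only see {truncated!r}"
        )

    lifetime = conf.get("maxAuthenticationLifetime")
    if lifetime != ADFS_REQUIRED_LIFETIME:
        findings.append(
            f"maxAuthenticationLifetime is {lifetime!r}; ADFS requires "
            f"{ADFS_REQUIRED_LIFETIME} seconds (8 hours)"
        )

    if "idPropertyKey" in conf:
        findings.append("idPropertyKey must be absent when ADFS is the IdP")

    return findings


def check_adfs_conf_text(text: str) -> list[str]:
    """Parse conf.json text and run the ADFS checks on it."""
    return check_adfs_conf(json.loads(text))


if __name__ == "__main__":
    for finding in check_adfs_conf_text(SAMPLE_CONF):
        print("-", finding)
```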