Enabling SAML Authentication in an Informatica 10.2.x Domain

Step 4. Configure Active Directory Federation Services

Configure AD FS to issue SAML tokens to Informatica web applications.
Use the AD FS Management Console to perform the following tasks:
  • Add a relying party trust for the domain in AD FS. The relying party trust definition enables AD FS to accept authentication requests from Informatica web applications that run in the domain.
  • Edit the Send LDAP Attributes as Claims rule to map LDAP attributes in your identity store to the corresponding types used in SAML tokens issued by AD FS.
You provide the name of the relying party trust when you enable SAML authentication in a domain. Depending on your security requirements, you might create multiple relying party trusts in AD FS to enable domains used by different organizations within the enterprise to use SAML authentication.
Informatica recognizes "Informatica" as the default relying party trust name. If you create a single relying party trust with "Informatica" as the relying party trust name, you do not need to provide the relying party trust name when you enable SAML authentication in a domain.
All strings are case sensitive in AD FS, including URLs.
  1. Log in to the AD FS Management Console.
  2. Expand the Trust Relationships > Relying Party Trusts folder.
  3. Right-click the Relying Party Trusts folder, and then select Add Relying Party Trust, as shown in the following image:
     The Relying Party Trusts pane of the AD FS Management Console contains the available relying party trusts.
     The Add Relying Party Trust Wizard appears.
  4. Click Start.
     The Select Data Source panel appears.
  5. Click Enter data about the relying party manually, as shown in the following image:
     The Select Data Source pane of the Add Relying Party Trust Wizard is used to specify the source of the relying party data.
  6. Click Next.
  7. Enter the relying party trust name, and then click Next.
     Do not include the ? character in the relying party trust name.
  8. Click AD FS 2.0 profile, as shown in the following image:
     The Choose Profile pane of the Add Relying Party Trust Wizard is used to specify the AD FS profile to use.
  9. Click Next.
     Skip the certificate configuration panel in the wizard.
  10. Check Enable support for the SAML WebSSO protocol, and then enter the complete URL for the Administrator tool, as shown in the following image:
     The Configure URL pane of the Add Relying Party Trust Wizard is used to specify the single sign-on URL.
  11. Click Next.
  12. Enter the name of the relying party trust in the Relying party trust identifier field. Click Add, and then click Next.
  13. Select Permit all users to access the relying party, as shown in the following image:
     The Choose Issuance Authorization pane of the Add Relying Party Trust Wizard is used to specify the issuance authorization rules for the relying party trust.
  14. Click Next.
  15. Check Open the Edit Claim Rules dialog for this relying party trust when the wizard closes, as shown in the following image:
     The Finish pane of the Add Relying Party Trust Wizard confirms that the relying party trust was successfully added to the AD FS configuration database.
  16. Click Close.
     The Edit Claim Rules for Informatica dialog box appears.
  17. Click Add Rule.
     The Add Transform Claim Rule Wizard opens.
  18. Select Send LDAP Attributes as Claims from the menu, as shown in the following image:
     The Select Rule Template pane of the Add Transform Claim Rule Wizard contains the claim rule template to use.
  19. Click Next.
  20. Enter any string as the claim rule name, as shown in the following image:
     The Configure Rule Template pane of the Add Transform Claim Rule Wizard is used to specify how LDAP attributes map to outgoing claim types issued from the rule.
  21. Select Active Directory from the Attribute store menu.
  22. Select SAM-Account-Name from the LDAP Mapping menu.
  23. Enter "username" in the Outgoing Claim Type field.
  24. Click Finish, and then click OK to close the wizard.
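The same relying party trust and claim rule, built with the AD FS PowerShell module instead of the wizard, as an added example that is not part of the Informatica documentation. It assumes an elevated session on the AD FS server; the Administrator tool URL is a placeholder for your own host and port, and the rule name "Informatica username" is an arbitrary choice.

```powershell
# Added example (not from the Informatica documentation): scripted equivalent of
# steps 7-23 above. ASSUMPTIONS: elevated session on the AD FS server;
# $adminToolUrl is a placeholder for your own Administrator tool URL.
Import-Module ADFS

$trustName    = 'Informatica'                                # default name Informatica recognizes
$adminToolUrl = 'https://admin.example.com:8443/administrator/'   # placeholder, replace

# The page's constraints: no '?' in the trust name, and AD FS compares all
# strings (URLs included) case sensitively, so the URL must match exactly
# what the Informatica web application uses.
if ($trustName -match '\?') { throw "Relying party trust name must not contain '?'" }

# Step 10: the Administrator tool URL is the SAML WebSSO assertion consumer
# endpoint (POST binding) of the relying party.
$acs = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer `
    -Uri $adminToolUrl -Index 0

# Step 13: "Permit all users to access the relying party" as a rule.
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Steps 18-23: "Send LDAP Attributes as Claims", mapping SAM-Account-Name from
# the Active Directory attribute store to the outgoing claim type "username".
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Informatica username"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("username"), query = ";sAMAccountName;{0}", param = c.Value);
'@

# Steps 7 and 12: the trust name and the relying party identifier are the same string.
Add-AdfsRelyingPartyTrust -Name $trustName -Identifier $trustName `
    -SamlEndpoint $acs `
    -IssuanceAuthorizationRules $authzRules `
    -IssuanceTransformRules $transformRules

# Check what AD FS actually stored before enabling SAML in the domain.
Get-AdfsRelyingPartyTrust -Name $trustName |
    Select-Object Name, Identifier, SamlEndpoints, IssuanceAuthorizationRules, IssuanceTransformRules
```

The final Get-AdfsRelyingPartyTrust output is what to compare against the trust name and URL you later enter when enabling SAML authentication in the domain.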
