Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Security Domains
  5. Kerberos Authentication
  6. Domain Security
  7. SAML Authentication for Informatica Web Applications
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles
  15. Default List of Cipher Suites

Step 4. Configure Active Directory Federation Services

Step 4. Configure Active Directory Federation Services

Configure AD FS to issue SAML tokens to Informatica web applications.
Use the AD FS Management Console to perform the following tasks:
  • Add Informatica as a relying party trust in AD FS. The relying party trust definition enables AD FS to accept authentication requests from Informatica web applications.
  • Edit the Send LDAP Attributes as Claims rule to map LDAP attributes in your identity store to the corresponding types used in SAML tokens issued by AD FS.
All strings are case sensitive in AD FS, including URLs.
  1. Log in to the AD FS Management Console.
  2. Expand the
    Trust Relationships
    Relying Party Trusts
    folder.
  3. Right-click the
    Relying Party Trusts
    folder, and then select
    Add Relying Party Trust
    as shown in the following image:
    The Relying Party Trusts pane of the AD FS Management Console contains available relying trusts.
    The
    Add Relying Party Trust Wizard
    appears.
  4. Click
    Start
    .
    The
    Select Data Source
    panel appears.
  5. Click
    Enter data about the relying party manually
    as shown in the following image:
    The Select Data Source pane of the Add Relying Party Trust Wizard is used to specify the source of the relying party data.
  6. Click
    Next
  7. Enter "Informatica" as the display name, and then click
    Next
    .
  8. Click
    AD FS 2.0 profile
    as shown in the following image:
    The Choose Profile pane of the Add Relying Party Trust Wizard is used to specify the AD FS profile to use.
  9. Click
    Next
    .
    Skip the certificate configuration panel in the wizard.
  10. Check
    Enable support for the SAML WebSSO protocol
    , and then enter the complete URL for the Administrator tool, as shown in the following image:
    The Configure URL pane of the Add Relying Party Trust Wizard is used to specify the single sign-on URL.
  11. Click
    Next
    .
  12. Enter "Informatica" in the Relying party trust identifier field. Click
    Add
    , and then click
    Next
    .
  13. Select
    Permit all users to access the relying party
    as shown in the following image:
    The Choose Issuance Authorization pane of the Add Relying Party Trust Wizard is used to specify the issuance authorization rules for the relying party trust.
  14. Click
    Next
    .
  15. Check
    Open the Edit Claim Rules dialog for this relying party trust when the wizard closes
    as shown in the following image:
    The Finish pane of the Add Relying Party Trust Wizard confirms that the relying party trust was successfully added to the AD FS configuration database.
  16. Click
    Close
    .
    The
    Edit Claim Rules for Informatica
    dialog box appears.
  17. Click
    Add Rule
    .
    The
    Add Transform Claim Rule Wizard
    opens.
  18. Select
    Send LDAP Attributes as Claims
    from the menu, as shown in the following image:
    The Select Rule Template pane of the Add Transform Claim Rule Wizard contains the claim rule template to use.
  19. Click
    Next
    .
  20. Enter any string as the claim rule name, as shown in the following image:
    The Configure Rule Template pane of the Add Transform Claim Rule Wizard is used to specify how LDAP attributes map to outgoing claim types issued from the rule.
  21. Select Active Directory from the
    Attribute store
    menu.
  22. Select SAM-Account-Name from the
    LDAP Mapping
    menu.
  23. Enter "username" in the
    Outgoing Claim Type
    field.
  24. Click
    Finish
    , then click
    OK
    to close the wizard.


Updated October 10, 2019