Applies to version: 2020.1.x and above; author: Mateusz Syrek
WEBCON BPS can be configured with several authentication providers. One of them is ADFS (Active Directory Federation Services).
If the organization uses single sign-on with ADFS, and we want the authentication process in the WEBCON BPS application to be transparent (invisible) to users, or we want to make the application available to users outside the domain, WEBCON BPS Portal can be registered in ADFS as a relying party and ADFS authentication enabled.
Registration of WEBCON BPS in ADFS
The screens show only the wizard steps whose settings have been changed; the other steps keep the default configuration.
The first step is to launch the ADFS management console and create a new “Relying Party Trust”, choosing the “Claims aware” application type.
Then select the option to enter data about the relying party manually and enter a display name.
The next step lets you add an optional token encryption certificate; it is not needed here, so you can go further.
The next step is to select the protocol ADFS will use to communicate with the WEBCON BPS application. BPS supports the WS-Federation protocol, so select “Enable support for the WS-Federation Passive protocol” and enter the Portal address as the relying party URL. Use the exact HTTPS address of the Portal: this is the URL to which ADFS posts the signed token, and the same value is later entered in Designer Studio as the application identifier.
In the next step you can add further relying party trust identifiers, but this is not needed here; leave the automatically added address and click the “Next” button.
In the next step you can choose an access control policy (you can leave the default option) and proceed to the configuration summary. After clicking the “Finish” button, Portal is registered in ADFS.
From the last step you can go straight to the claim issuance configuration: after clicking the “Close” button a window appears in which you can add claim rules. Select the “Send LDAP Attributes as Claims” template and choose the LDAP attributes you want to map to claims.
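The same registration can be scripted with the ADFS PowerShell module, which is convenient when the trust has to be reproduced on a second farm or reviewed for drift. The script below is an added example, not code from the WEBCON BPS documentation: the Portal address, the display name, the attribute-to-claim mapping and the access control policy name are assumptions and must be adjusted to your environment. Run it in an elevated PowerShell session on an ADFS server (Windows Server 2016 or later, which is where access control policies exist).

```powershell
# Added example (not from the WEBCON BPS documentation): creates the relying party
# trust that the "Add Relying Party Trust" wizard creates, then verifies it.
Import-Module ADFS

$portalUrl   = 'https://bps.example.com/'   # assumed Portal address; must be HTTPS and match Designer Studio exactly
$displayName = 'WEBCON BPS Portal'          # assumed display name

# Claim rule using the "Send LDAP Attributes as Claims" template (@RuleTemplate = "LdapClaims").
# Which attributes to issue is an assumption; issue only what the Portal needs, because every
# claim listed here ends up in the token that is posted back to the Portal.
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "WEBCON BPS user attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/claims/Group"), query = ";userPrincipalName,mail,tokenGroups;{0}", param = c.Value);
'@

if (-not (Get-AdfsRelyingPartyTrust -Name $displayName)) {
    Add-AdfsRelyingPartyTrust -Name $displayName `
        -Identifier $portalUrl `                     # relying party trust identifier (the Portal address)
        -WSFedEndpoint $portalUrl `                  # WS-Federation passive endpoint of the relying party
        -IssuanceTransformRules $issuanceRules `
        -AccessControlPolicyName 'Permit everyone'   # default wizard policy (Server 2016+); tighten if needed
}

# Check 1: the trust exists, is enabled and points at the intended Portal URL.
Get-AdfsRelyingPartyTrust -Name $displayName |
    Select-Object Name, Identifier, WSFedEndpoint, Enabled

# Check 2: the WS-Federation passive endpoint of ADFS itself is enabled (and published
# through the proxy if external users must reach it). /adfs/ls/ is the ADFS default path.
Get-AdfsEndpoint -AddressPath '/adfs/ls/' |
    Select-Object AddressPath, Protocol, Enabled, Proxy
```

The second check is the one that matters for the "users outside the domain" scenario: the relying party trust can be correct while the passive endpoint is not published on the Web Application Proxy, in which case external users are never able to reach the ADFS login page.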
After saving the configuration, go to the WEBCON BPS Designer Studio.
Configuration in WEBCON BPS Designer Studio
To enable ADFS authentication in the Portal, activate the ADFS authentication provider in the system configuration.
The following parameters must be provided in the configuration:
- ADFS server metadata address
- Application identifier in ADFS, which is the address of WEBCON BPS Portal (the same value registered as the relying party identifier in ADFS)
- Provider address, which is the address of the WS-Federation passive endpoint enabled in ADFS
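The three values above are derived from two facts: the ADFS server (farm) name and the Portal address. The script below is an added example, not part of the WEBCON BPS documentation: it builds the three values from those two assumptions and cross-checks the provider address against the WS-Federation passive endpoint that ADFS publishes in its federation metadata. The metadata document embedded here is a constructed, minimal sample; in practice you download the real document from the metadata address (see the comment in the code).

```powershell
# Added example (not from the WEBCON BPS documentation). Host names are assumptions.
$adfsHost  = 'adfs.example.com'          # assumed ADFS server / farm name
$portalUrl = 'https://bps.example.com/'  # assumed Portal address = application identifier in ADFS

# ADFS default locations for the metadata document and the WS-Federation passive endpoint.
$metadataUrl = "https://$adfsHost/FederationMetadata/2007-06/FederationMetadata.xml"
$wsFedUrl    = "https://$adfsHost/adfs/ls/"

function Get-WsFedSettingsFromMetadata {
    # Extracts the issuer (entityID) and the WS-Federation passive endpoint from federation metadata.
    param([Parameter(Mandatory)][xml]$Metadata)
    $ns = @{
        md  = 'urn:oasis:names:tc:SAML:2.0:metadata'
        fed = 'http://docs.oasis-open.org/wsfed/federation/200706'
        wsa = 'http://www.w3.org/2005/08/addressing'
    }
    $passive = Select-Xml -Xml $Metadata -Namespace $ns `
        -XPath '//fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address' |
        Select-Object -First 1
    [pscustomobject]@{
        EntityId        = $Metadata.EntityDescriptor.entityID   # ADFS issuer, not the Portal identifier
        PassiveEndpoint = $passive.Node.InnerText
    }
}

# Constructed sample of the relevant part of an ADFS metadata document. A real document is
# signed and also carries the token-signing certificate, so fetch it only over HTTPS from the
# trusted ADFS host:
#   $metadata = [xml](Invoke-WebRequest -Uri $metadataUrl -UseBasicParsing).Content
$metadata = [xml]@'
<EntityDescriptor entityID="http://adfs.example.com/adfs/services/trust"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://adfs.example.com/adfs/ls/</Address>
      </EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>
'@

$published = Get-WsFedSettingsFromMetadata -Metadata $metadata
if ($published.PassiveEndpoint -ne $wsFedUrl) {
    throw "Provider address $wsFedUrl does not match the endpoint published by ADFS: $($published.PassiveEndpoint)"
}

# Values to enter in WEBCON BPS Designer Studio for the ADFS authentication provider.
[pscustomobject]@{
    'ADFS server metadata address' = $metadataUrl
    'Application identifier'       = $portalUrl
    'Provider address'             = $published.PassiveEndpoint
    'ADFS issuer (from metadata)'  = $published.EntityId
}
```

The issuer shown in the last line is not one of the three Designer Studio parameters, but it is worth recording: it is the value the Portal learns from the metadata and will accept as the token issuer, so a metadata address that resolves to the wrong ADFS farm is a trust problem, not merely a connectivity one.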
An ADFS authentication provider configured this way can be verified by opening the Portal site.
A login window appears with two buttons: Windows Active Directory, and the newly activated ADFS. After pressing the ADFS button, the user is redirected to the ADFS login page and, after providing valid credentials, returns to the Portal.
The user can choose the authentication method. If the Azure Active Directory and WEBCON BPS Auth authentication providers are also activated in WEBCON BPS, additional buttons appear here.
A similar login window appears in WEBCON BPS Designer Studio.
How to reduce the number of logins to a minimum so that the user does not have to re-authenticate?
Deactivate all other authentication providers, such as Windows Active Directory. The user will then not see the page with the choice of authentication method but will be redirected immediately to the ADFS server. If the user has already authenticated to ADFS, they are redirected back at once without entering credentials again.
Important! Deactivating all other authentication providers means that you, too, will have to log in to WEBCON BPS (Portal and Designer Studio) using ADFS. Confirm that the ADFS login works before disabling the remaining providers, so that you are not locked out of the configuration.