0 votes

Hi all, so i tried to setup AD FS as IdP with Adaxes as SP. I used this guide: https://www.adaxes.com/help/EnableSamlBasedSingleSignOn/

Sadly i run into error: MSIS3200 which is caused by a missing Assertion Consumer Service.

AD FS is forcing https but the SSO Reply URL from Adaxes is in http. AD FS won't

I can't find a way to change this URL to use HTTPS. (Will attach Screenshot for clarification)

SSO-ADFS.png

Also the Information field shows that i should be able to change the SSO Reply URL. But unlike with the Entity ID there is no "Change" field.

SSO-ADFS2.png

I checked this question: https://www.adaxes.com/questions/9524/saml-response-reply-url-http-instead-https-due-ssl-offloading?show=9524#q9524

But in my case there is only my AD FS Server and Adaxes. No SSL Offloading or Big IP.

Hope somebody can point me in the right direction!

Bests, Daniel.

by (190 points)

1 Answer

0 votes
by (294k points)
selected by
Best answer

Hello Daniel,

The SSO Reply URL and Single Logout URL you see in the Web interface configurator are just examples of what should be used. For the whole thing to work, you need to enable HTTPS for Adaxes Web interface and then specify the corresponding URLs in AD FS when configuring SAML SSO. You can configure SSL on the Adaxes Web interface the way you do it for any other website hosted by IIS. For details on how to enable SSL for an IIS Web Site, see the following article: https://docs.microsoft.com/en-us/troubleshoot/iis/enable-ssl-all-customers.

Related questions

0 votes
1 answer

Is it possible to trigger an external API request to update another directory whenever an AD user changes his password? Even if the password change didn't occur using adaxes, but directly in Active Directory? Thank you.

asked May 29, 2020 by nicolasdsa (20 points)
0 votes
1 answer

Guys, I have implemeted SSO with Azure AD with my test instance. I am using 2019.2. Works fine - MFA triggers etc. But when I log out from Adaxes websites, it ... to attract some nasty looks from Infosec guys - specially when it is a user management tool.

asked Aug 3, 2020 by Brajesh (460 points)
0 votes
1 answer

Hi, is there any way to bypass SSO and get directly to the Loginpage when a machine is not joined to the domain? Reason why I'm asking is, in the last months ... machines not connected to the domain to go directly to the Adaxes Login form. Best regards Ingemar

asked Nov 27, 2013 by ijacob (960 points)
0 votes
1 answer

I am trying to view AD authentication logs to see a user account's authentication attempts. Can this be done in Adaxes?

asked Dec 30, 2021 by Tfarmer (160 points)
0 votes
1 answer

We have a fleet of Macbooks that use NoMAD to handle AD Authentiction and syncronization. How can we use Adaxes to handle the Password reset utility with these users. If they ... resync will be needed. Anybody else doing this or have a solution to the above?

asked May 13, 2020 by jcalvert (60 points)
3,589 questions
3,278 answers
8,303 comments
548,105 users