EzeScan WebApps

Authenticating with ADFS via OpenID Connect

ADFS Configuration

Add Application Group

  1. In AD FS Management, right-click Application Groups, then select Add Application Group.

  2. Enter the following details and then click the Next button:

    Option     Value
    Name       EzeScan WebApps
    Template   Web browser accessing a web application


  3. Enter the following details and then click the Next button:

    Option         Value
    Name           EzeScan WebApps - Native application
    Redirect URI   https://server.domain.com/signin-oidc

    This should be the URL you use to access EWA with "/signin-oidc" appended.

    Note: Be sure to click the "Add" button!


  4. Select your relevant access control policy and then click the Next button.

  5. Review the information and then click the Next button.

  6. Click the Close button.

Map Claims

  1. Right-click the created Application Group and select Properties.

  2. Select the Web Application and click the Edit button.

  3. Select the Issuance Transform Rules tab and then click the Add Rule... button.

  4. Leave the default Send LDAP Attributes as Claims option and click the Next button.

  5. Enter the following details and then click the Finish button:

    Option            Value
    Name              User Info
    Attribute Store   Active Directory

    Mapping of LDAP attributes to outgoing claim types:

    LDAP Attribute (Select or type to add more)   Outgoing Claim Type (Select or type to add more)
    E-Mail-Addresses                              Email Address
    User-Principal-Name                           UPN
    Display Name                                  Name
    Given-Name                                    Given Name
    Surname                                       Surname
    Token-Groups as SIDs                          Role



Locating the Client Id

  1. Right-click the created Application Group and select Properties.

  2. Select the Native Application and click the Edit button.

  3. Note down the Client Id.

EzeScan WebApps Configuration

  1. Locate the appsettings.json file in the root of your EzeScan WebApps installation directory.

  2. Edit the appsettings.json file using your favorite text editor and modify the Authentication section to contain the following:

    "Authentication": {
      "EnableApiKey": true,
      "Providers": {
        "OpenIdConnect": {
          "Authority": "https://adfs-server.domain.com/adfs",
          "ClientId": "3d585d27-ba3b-44b6-a87f-be91c13b3de4",
          "MetadataAddress": "https://adfs-server.domain.com/adfs/.well-known/openid-configuration"
        }
      }
    }
    


    You will need to substitute "adfs-server.domain.com" with your ADFS server's fully qualified domain name (FQDN).

    Be sure to substitute the value of "ClientId" with the "Client Id" set in ADFS. If you're unsure, see the Locating the Client Id section above.




  3. Save the appsettings.json file.

  4. Restart the IIS App Pool that runs EzeScan WebApps.

  5. Navigate to your EzeScan WebApps site and click the Login button.

  6. Try logging in as a valid ADFS user.

  7. After successfully logging in, you will be redirected back to EzeScan WebApps, and your display name should appear in the top right-hand corner.
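
An added example, not part of the EzeScan documentation or product: a Python pre-flight check for the OpenIdConnect settings edited in step 2, run before restarting the app pool. It verifies that Authority and MetadataAddress are https URLs on the same ADFS issuer, flags a file that is not strict JSON (for example a trailing comma), and derives the Redirect URI that must match the one registered on the Native application. The function name, the sample inputs and the assumption that the Client Id is the GUID ADFS generates by default are illustrative.

```python
import json
import uuid
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

def lint_oidc_settings(appsettings_text, ewa_base_url):
    """Return (problems, redirect_uri) for the OpenIdConnect provider settings."""
    try:
        oidc = json.loads(appsettings_text)
    except json.JSONDecodeError as exc:
        return [f"appsettings.json is not strict JSON (line {exc.lineno}): {exc.msg}"], None
    for key in ("Authentication", "Providers", "OpenIdConnect"):
        oidc = oidc.get(key) if isinstance(oidc, dict) else None
    if not isinstance(oidc, dict):
        return ["Authentication > Providers > OpenIdConnect is missing"], None

    problems = []
    a = urlsplit(str(oidc.get("Authority", "")).rstrip("/"))
    m = urlsplit(str(oidc.get("MetadataAddress", "")))
    checks = (("Authority", a), ("MetadataAddress", m), ("EWA URL", urlsplit(ewa_base_url)))
    for key, parts in checks:
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{key} must be an absolute https URL")
    # Signing keys are discovered through MetadataAddress, so it has to sit
    # under the same issuer that Authority names.
    if (m.scheme, m.netloc.lower(), m.path) != (a.scheme, a.netloc.lower(), a.path + WELL_KNOWN):
        problems.append("MetadataAddress is not Authority + " + WELL_KNOWN)
    # Assumption: the Client Id is the GUID that ADFS generates by default.
    try:
        uuid.UUID(str(oidc.get("ClientId", "")))
    except ValueError:
        problems.append("ClientId is not a GUID")
    # The Redirect URI registered on the Native application must be this value.
    return problems, ewa_base_url.rstrip("/") + "/signin-oidc"

# Constructed sample input, using the placeholder hosts from the page.
GOOD = """{ "Authentication": { "EnableApiKey": true, "Providers": { "OpenIdConnect": {
  "Authority": "https://adfs-server.domain.com/adfs",
  "ClientId": "3d585d27-ba3b-44b6-a87f-be91c13b3de4",
  "MetadataAddress": "https://adfs-server.domain.com/adfs/.well-known/openid-configuration"
} } } }"""
# Constructed misconfiguration: metadata fetched over http from another host.
BAD = GOOD.replace("https://adfs-server.domain.com/adfs/.well", "http://other.domain.com/adfs/.well")

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("bad", BAD)):
        problems, redirect_uri = lint_oidc_settings(text, "https://server.domain.com")
        print(label, redirect_uri, problems or "OK")
```

Pass the contents of your own appsettings.json and the URL you use to access EWA; an empty problem list means the three settings are mutually consistent.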