Adding Naverisk

Adding the Application in the On-Demand tenant

  1. Select Directory Manager.
  2. Select Groups.
  3. Select the green plus sign in the bottom right corner.
  4. Name the Group Naverisk Users.
    Note: If you have other existing Groups for SSO users you can use one of these as well.
  5. Select ADD GROUP.
  6. Select SSO Manager.
  7. Select the green plus sign in the bottom right corner.
  8. Select the Catalog Icon.
  9. Select Custom Application from the Catalog.
    1.PNG
  10. Select Application is Enabled.
    1.PNG
  11. Name the Application Naverisk.
    2.PNG
  12. Select the Authentication Policy you want to use.
    3.PNG
  13. Select Protocol Setup.
    4.PNG
  14. Select Protocol Type WS-Federation.
    5.PNG
  15. Enter the Reply to URL https://naveriskserver/SSOentry.aspx
    6.PNG
    Note: Replace naveriskserver with the actual fully qualified domain externally resolvable URL for your Naverisk server. 
  16. Enter the Audience URL.
    7.PNG
    Note: Replace naveriskserver with the actual fully qualified domain externally resolvable URL for your Naverisk server. 
  17. Select Add on the Audience URL.
    8.PNG
  18. Select Advanced Settings.
    9.PNG
  19. Choose Protocol Version WS 1.3.
    10.PNG
  20. Select Add Application.
    11.PNG
  21. Upload your an image for the Application icon.
    You can use the icon attached to this article.
  22. Select Protocol Setup.
    Choose WS-Federation.
  23. Select Permissions.
    12.PNG
  24. Select the Group you chose in Step 4.
  25. Select Signing and Encryption.
    13.PNG
  26. Copy the Thumbprint (You will need this to configure the Naverisk portion.)
    14.PNG
  27. Select Save Changes.
    15.PNG

  

Configure Naverisk to receive Single Sing On logins

You will need to modify the Naverisk website web.config.

  1. Open web.config (usually located at C:\%program files (x86)\Naverisk Website\Website\web.config) using an elevated Command Prompt (Run as Administrator). 
    <microsoft.identityModel>
    <service>
    <audienceUris>
    <!-- Audience URI: A unique identifier for the application so SSO knows who should receive the token -->
    <add value="https:// sitecontroller.naverisk.com /" />
    </audienceUris> <federatedAuthentication> <wsFederation passiveRedirectEnabled="true" issuer="https:// authanvil.naverisk.com/sso/federation/passive/wsfed" realm="https:// sitecontroller.naverisk.com /" requireHttps="false" />
    <cookieHandler requireSsl="false" />
    </federatedAuthentication>
    <applicationService>
    </applicationService>
    <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
    <trustedIssuers><add thumbprint="09C8C186095E9D59155AE12E7A449337754536A7" name="https://(Your On-Demand Tenant)/AuthAnvil/SSO/Trust/site1" />
    </trustedIssuers>
    </issuerNameRegistry>
    <certificateValidation certificateValidationMode="None" />
    </service>
    </microsoft.identityModel>
  2. Replace https:// sitecontroller.naverisk.com with the URL for your Naverisk server.
  3. Replace https://(Your On-Demand Tenant) with your AAoD Tenant URL>
  4. Enter the Thumbpint copied in step 27 of the first section. 
  5. Save the file.

To test this now log into your Single Sign On Launchpad https://(Your On-Demand Tenant)/ and Select the Naverisk Icon.

Have more questions? Submit a request

0 Comments

Article is closed for comments.