Configuring VIP SSP IdP for AD FS

Perform the following steps to configure VIP SSP IdP for AD FS:
  1. Log into VIP Enterprise Gateway.
  2. Select the
    User Store
    tab.
  3. Click
    Edit
    on user store and go to the Search criteria.
  4. Click
    Edit
    and enter VIP User name Attribute. This attribute must be same as VIP User ID configured in Configuring VIP Authentication Service.
  5. Add the same attribute in user filter if it does not exist.
  6. Save the changes.
  7. Click the
    Identity Providers
    tab and do the following:
    • (If you configure SSP IdP for the first time) Configure SSP IdP and then set the
      Service Status
      to
      ON
      .
    • (If you have already configured SSP IdP) Click
      Edit
      .
  8. Click the
    Trusted Service Access Settings
    tab.
  9. Copy the VIP certificate that was used in the VIP integration module for AD FS and move it to the VIP Enterprise Gateway server.
  10. Click
    Browse
    to select the file name of the VIP Certificate.
  11. In the
    Password
    field, enter the password for the certificate.
  12. In the
    Alias
    field, enter the alias name for the certificate.
  13. Click
    Add VIP Certificate
    .
  14. After completing the previous steps, ensure that the AD FS server time and the VIP Enterprise Gateway server time are in sync. Note that a time difference of more than a minute may cause authentication failure.
  15. After you complete this configuration, the service is running at the following URL:
    https://<VIPSSPIDP_FQDN>:<8233>/vipssp/trustedserviceaccess
    . You must use this URL as part of the JavaScript integration.
  16. To allow users on any device to access this URL from outside the corporate network, publish this URL with WAP (Web Application Proxy) in
    passthrough
    mode. For details on WAP publishing, refer to
    Appendix F, “Publishing VIP SSP IdP Proxy URL with WAP"
    .