Configuring VIP SSP IdP for AD FS
Perform the following steps to configure VIP SSP IdP for AD FS:
- Log into VIP Enterprise Gateway.
- Select theUser Storetab.
- ClickEditon user store and go to the Search criteria.
- ClickEditand enter VIP User name Attribute. This attribute must be same as VIP User ID configured in Configuring VIP Authentication Service.
- Add the same attribute in user filter if it does not exist.
- Save the changes.
- Click theIdentity Providerstab and do the following:
- (If you configure SSP IdP for the first time) Configure SSP IdP and then set theService StatustoON.
- (If you have already configured SSP IdP) ClickEdit.
- Click theTrusted Service Access Settingstab.
- Copy the VIP certificate that was used in the VIP integration module for AD FS and move it to the VIP Enterprise Gateway server.
- ClickBrowseto select the file name of the VIP Certificate.
- In thePasswordfield, enter the password for the certificate.
- In theAliasfield, enter the alias name for the certificate.
- ClickAdd VIP Certificate.
- After completing the previous steps, ensure that the AD FS server time and the VIP Enterprise Gateway server time are in sync. Note that a time difference of more than a minute may cause authentication failure.
- After you complete this configuration, the service is running at the following URL:https://<VIPSSPIDP_FQDN>:<8233>/vipssp/trustedserviceaccess. You must use this URL as part of the JavaScript integration.
- To allow users on any device to access this URL from outside the corporate network, publish this URL with WAP (Web Application Proxy) inpassthroughmode. For details on WAP publishing, refer toAppendix F, “Publishing VIP SSP IdP Proxy URL with WAP".