MeshCentral/docs/docs/other/adfs_sso_guide.md
DaanSelen 781c2ea60a refac(docs): MeshCentral Mkdocs rewrite (#7216)
Co-authored-by: alain.cisirika <cisirikalain@gmail.com>
Co-authored-by: Daan Selen <dselen@systemec.nl>
2025-10-24 23:12:52 +01:00
ADFS SSO Guide

📋 Assumptions

The following guide was built under the assumptions that:

  1. ADFS 4.0 running on Server 2016 using Active Directory

  2. Main ADFS setup already completed / working. SSL certs installed and port forwarded as expected.

The guide was built to deal specifically with adding mesh as a Relying Party. I'm far from an ADFS expert and some configurations may not be needed. Most of this was built by reading the code and taking guesses as to the needed values.

📘 Guide

As with anything SSO, you need two pieces: the IdP setup (in this case ADFS) and the SP setup (in this case Mesh).

Mesh Setup

Add the following to your mesh config file in the domains section:

  • Callback URL:

    The FQDN of your Mesh server, ending with /auth-saml-callback

  • Entity ID:

    This is how ADFS identifies which relying party a request belongs to. You can set it to whatever you want, but you will need the same value later when working in ADFS.

  • IDP URL:

    This is the URL of ADFS. It ends with /adfs/ls unless you did something very weird in ADFS.

  • Cert:

    You will need to export the token-signing certificate from ADFS, then convert it to PEM format. This certificate can be found in ADFS -> Service -> Certificates. You can use this openssl command to convert it from CRT to PEM format:

    openssl x509 -in mycert.crt -out mycert.pem -outform PEM


Save the config and restart the mesh server.
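The following is an added example, not code from the MeshCentral project or from this guide. It turns the four settings listed above into the domains fragment for config.json and normalises the exported token-signing certificate to the PEM form the guide asks for, accepting either a DER or a base64 export so a DER file is not silently misread. The key names callbackurl, entityid, idpurl and cert, the default domain name "", and the inline-PEM form of the cert value are assumptions based on MeshCentral's sample config as I understand it; confirm them against the sample config shipped with your version. The SAMPLE_DER value is a constructed stand-in, not a certificate.

```python
"""Added example for this guide (not MeshCentral's own code or documentation):
normalise the ADFS token-signing certificate to PEM and build the SAML
settings the guide lists for the domains section of config.json.

Assumptions, stated here because the guide does not show them:
  * the key names callbackurl, entityid, idpurl and cert under
    domains -> "" -> authStrategies -> saml follow MeshCentral's sample
    config as the author of this example understands it; confirm against
    the sample config for your version before relying on them;
  * the ADFS certificate export can produce either DER or base64 (PEM)
    data, so both are accepted rather than assuming one.
"""
import base64
import json
import textwrap

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def der_total_length(der: bytes) -> int:
    """Length of the outer ASN.1 SEQUENCE that an X.509 certificate must be.

    Only the outer tag and length are decoded; this is a sanity check that
    the file is one whole DER certificate, not a full parser.
    """
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER certificate: outer tag is not SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("malformed DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def to_pem(exported: bytes) -> str:
    """Return one PEM certificate block from exported DER or PEM bytes."""
    text = exported.decode("ascii", errors="ignore")
    if PEM_HEADER in text:
        start = text.index(PEM_HEADER) + len(PEM_HEADER)
        end = text.index(PEM_FOOTER, start)
        der = base64.b64decode("".join(text[start:end].split()), validate=True)
    else:
        der = exported
    if der_total_length(der) != len(der):
        raise ValueError("certificate data is truncated or has trailing bytes; export it again")
    b64 = base64.b64encode(der).decode("ascii")
    return "\n".join([PEM_HEADER, *textwrap.wrap(b64, 64), PEM_FOOTER]) + "\n"


def saml_settings(mesh_fqdn: str, adfs_fqdn: str, entity_id: str, cert_pem: str) -> dict:
    """Build the domains -> "" -> authStrategies -> saml fragment.

    The four values are the ones the guide lists: the callback URL ending in
    /auth-saml-callback, the entity ID you will reuse in ADFS, the ADFS
    endpoint ending in /adfs/ls, and the token-signing certificate as PEM
    (assumption: inline PEM text; MeshCentral's sample config also shows a
    file name under meshcentral-data, so check which your version accepts).
    """
    return {
        "domains": {
            "": {
                "authStrategies": {
                    "saml": {
                        "callbackurl": f"https://{mesh_fqdn}/auth-saml-callback",
                        "entityid": entity_id,
                        "idpurl": f"https://{adfs_fqdn}/adfs/ls",
                        "cert": cert_pem,
                    }
                }
            }
        }
    }


# Constructed stand-in for an exported certificate: a DER SEQUENCE holding one
# INTEGER. It is not a real certificate; it only exercises the DER/PEM handling.
SAMPLE_DER = bytes.fromhex("3003020105")

if __name__ == "__main__":
    pem = to_pem(SAMPLE_DER)
    assert to_pem(pem.encode()) == pem        # PEM input is passed through unchanged
    settings = saml_settings("mesh.example.com", "adfs.example.com", "meshcentral", pem)
    print(json.dumps(settings, indent=2))
```

Run it with the real export in place of SAMPLE_DER and paste the printed fragment into the matching domain of config.json. The same DER-or-base64 point applies to the openssl command in the guide: openssl x509 reads PEM by default, so a certificate exported from the ADFS console as DER needs -inform DER added for the conversion to succeed.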

Windows Server Configuration

ADFS setup (in pictures):

Relying Party Trust -> New Relying Party Trust

Edit the new “Relying Party Trust” Properties:

Then it's time to add claims.

For the outgoing claim type, where it says firstname, lastname, and email, type those values in manually as shown. All other fields should be selected from the dropdown.

Add another rule:

For all fields, select from the dropdowns.