WS-Federation
Click here to see this page in full context

WS-Federation

Delegate the authentication of a Client via WS-Federation

 Prerequisite  The Controller is shut down and you must use the HTTPS protocol.

  1. From the application Controller , click on the panel Delegate the authentication.
  2. On the line WS-Federation protocol, click on the button  to enter a new configuration. You can enter several per protocol, but only one can be enabled (double-click in the column Active).
  3. If you have already created configurations for the authentication of the Webspaces, they are already available in the application. If not, click on the button  to define it.
  4. In the popup window, enter the URL of the ADFS server (https address).
  5. If you want users to also be able to access HYPERPLANNING without going through the ADFS server, tick Authorize authentication by the controller, without interrogating the WS-Federation server. In this case, users will need to log in with their HYPERPLANNING username and password.
  6. Click on the button Users' identification parameters on the top right to choose the user recognition type.
  7. Validate to return to the initial screen. In the table, tick the mode concerned by WS-Federation delegation.

Note: the activation of the delegation is valid for both Clients and Webspaces. If you ever want to disable those of Clients, but not the Webspaces, check None (delegation) in the table for the Administrative Mode.

Delegate the authentication to the Webspaces via WS-Federation

 Prerequisite  The Server HYPERPLANNING.net must be shut down and use the HTTPS protocol (choice of the protocol in the panel Publication parameters).

  1. From the application HYPERPLANNING.net , click on the panel Delegate the authentication.
  2. On the line WS-Federation protocol, click on the button  to enter a new configuration. You can enter several per protocol, but only one can be enabled (double-click in the column Active).
  3. If you have already created configurations for the authentication of the Webspaces, they are already available in the application. If not, click on the button  to define it.
  4. In the popup window, enter the URL of the ADFS server (https address).
  5. If you want users to also be able to access the Webspaces without going through the ADFS server, tick Authorize direct authentication by HYPERPLANNING.net. In this case, users will need to log in with their HYPERPLANNING username and password.
  6. Click on the button Users' identification parameters on the top right to choose the user recognition type.
  7. Validate to return to the initial screen. Tick the Webspaces concerned by the delegation in the table. For the delegation to work for the Homepage, all Webspaces must be ticked.

Note: the activation of the delegation is valid for both Clients and Webspaces. If you ever want to disable those of Webspaces, but not the Clients, in the table check None (delegation) for all the Webspaces.

Access to the Webspaces via WS-Federation

Access to the different Webspaces is conducted by the public URL of HYPERPLANNING.net. To access mobile Webspaces, add /mobile to the end of the URL.

Manually reconcile a database user with their ADFS identifier

 Prerequisite  You must login as an administrator.

  1. Go to the tab Communication > Identity management >  Reconciliation of the identities.
  2. Select ADFS in the first drop-down menu.
  3. Select the type of user in the second drop-down menu.
  4. Reduce the list by ticking Only those not reconciled.
  5. Double-click in the column Partner username.
  6. In the popup window, enter the identifier and validate.