The external address for the router.
The external IP address of the router.
The HTTP port for the router. The installation provides the next highest available ports as a suggestion for this field and the next field.
The HTTPS port for the router.
Select this check box to publish all applications except the Grid Management Pages via the SAML Router. Select this option if management of the grid is authenticated with a client certificate.
If load balancers or proxies are placed in front of the Grid, the SAML Session Provider needs to publish endpoints for those addresses, as described in Configuring Login and Logout Endpoints.
Write one entry per row in the format fqdn:port. The first entry will be configured as the Logout Endpoint, and will be used to form the Entity ID for the SAML Session Provider (to be used in IFS and AD FS). If nothing is added here, all login and logout endpoints are based on the SAML router properties defined above.
Select this check box to create Assertion Consumer Services for the Additional ACS endpoints only. No ACS value will be created based on the SAML Router properties. Select this option if all SAML authentication should pass via the load balancer - that is, no direct access to grid routers by end users.
The fully qualified domain name of the AD FS server.
The HTTP port of the AD FS endpoint.
The SSL port of the AD FS endpoint.
Provide the URI to the federation metadata. The default AD FS value is /FederationMetadata/2007-06/FederationMetadata.xml. The URI can be found in the AD FS management console: expand "Service" > "Endpoints". In the Metadata section, find the URL Path for the Federation Metadata.
The Secondary Identity Provider properties are only applicable in cloud scenarios.
After you click Next, the installer will get the SSL certificates from the AD FS server and you will have to confirm them before continuing. The installer will retrieve the AD FS metadata and parse it for suggested values for a later installation step.
Provide the name for a domain user that has the IFSApplicationAdmin and AttributeServiceCaller IFS Security Roles. The username must be in the domain\uid format. This should be a service user with a password that does not expire - otherwise, the password must be kept up-to-date. This user is used for authenticating IFS web service calls, both during installation and at runtime.
Provide the password for the domain user from the previous field.
This property cannot be used with Xi Platform, only with older IFS versions. If User Access Control (UAC) is activated on the IFS server, the local administrator account must be provided in order for IFS to be able to push the SAML Session Provider configuration to AD FS.
This property cannot be used with Xi Platform, only with older IFS versions. Provide the password for the server administrator user from the previous field.
Specify the FQDN for IFS.
Specify the HTTP port for reaching IFS.
Specify the HTTPS port for reaching IFS.
After you click Next, the entity ID for the SAML Session Provider generated after step 4 is validated against IFS. If the entity ID already exists as an application, you will have to confirm that you want to overwrite the existing application in IFS.
Change the value to http://schemas.infor.com/claims/Person
See "AD FS server configuration" in Infor Xi Platform Installation Guide.