2

I need help with the APP ID service in IBM Cloud.

I have a configuration with a Loopback application residing in IBM Cloud which uses the APP ID service to perform SSO automated login.

APP ID service is configured with one identity provider:

  • SAML 2.0 Federation

SAML Federation is configured to work with ADFS, which I have set up on an Azure virtual machine for test, and with our customer's production ADFS.

The solution works and my SSO request is relayed:

> APP ID > ADFS

and authentication is performed and I can log in to the system.

Problem:

The problem is that ADFS is always using Form-based Authentication, but I need to use Windows Integrated Authentication, i.e. the customer, when logged in to the corporate network, is never asked for credentials.

Together with the ADFS administrator, I have troubleshot the Windows side and cannot see any irregularities.

Questions:

  1. Does APP ID service support Windows Integrated Authentication and what can I do to enable it?
  2. How to troubleshoot the workings of APP ID service, logs, etc.
Peyman Mohamadpour

1 Answer

0

You can customize the AuthnContext using the management API:

https://<region-endpoint>.appid.cloud.ibm.com/swagger-ui/#/Management%20API%20-%20Identity%20Providers/mgmt.set_saml_idp

urn:federation:authentication:windows is currently not supported. However, you can try updating the authnContext to either urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified or just an empty object ("authnContext": {}).

In my experience, it works for me by updating with an empty object.

Ref: Managing App ID with the API: https://cloud.ibm.com/docs/appid?topic=appid-manging-api

kyouhei
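To confirm which authentication context ADFS is actually being asked for before and after changing authnContext, the SAMLRequest parameter seen in the browser's hand-off to ADFS can be decoded and inspected. This is an added example, not part of the answer above and not IBM's code; the sample request is constructed, and it assumes the request is visible as a SAMLRequest parameter (HTTP-Redirect or HTTP-POST binding).

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML = 1 << 20  # refuse to inflate more than 1 MiB

# Constructed sample AuthnRequest (not captured from App ID).
SAMPLE_XML = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
    'ID="_constructed" Version="2.0"><samlp:RequestedAuthnContext Comparison="exact">'
    '<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified'
    '</saml:AuthnContextClassRef></samlp:RequestedAuthnContext></samlp:AuthnRequest>'
)


def encode_redirect(xml: str) -> str:
    """Encode XML as the HTTP-Redirect binding does (only used for the demo)."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return urllib.parse.quote(base64.b64encode(c.compress(xml.encode()) + c.flush()), safe="")


def decode_saml_request(value: str) -> bytes:
    """Return the AuthnRequest XML from a SAMLRequest parameter value."""
    raw = base64.b64decode(urllib.parse.unquote(value))
    if raw.lstrip().startswith(b"<"):
        return raw  # HTTP-POST binding: base64 of the XML itself
    inflater = zlib.decompressobj(-15)  # HTTP-Redirect binding: raw DEFLATE
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("SAMLRequest inflates past MAX_XML")
    return xml


def requested_authn_context(xml_bytes: bytes) -> dict:
    """Summarise the RequestedAuthnContext element the SP sends to the IdP."""
    root = ET.fromstring(xml_bytes)
    rac = root.find(f"{{{SAMLP}}}RequestedAuthnContext")
    if rac is None:  # no specific context requested
        return {"present": False, "comparison": None, "classes": []}
    refs = rac.findall(f"{{{SAML}}}AuthnContextClassRef")
    # SAML core: Comparison defaults to "exact" when the attribute is omitted.
    return {"present": True, "comparison": rac.get("Comparison", "exact"),
            "classes": [r.text.strip() for r in refs if r.text]}


if __name__ == "__main__":
    print(requested_authn_context(decode_saml_request(encode_redirect(SAMPLE_XML))))
```

Run it against the SAMLRequest value copied from the browser's network trace; `present: False` means the request carries no RequestedAuthnContext element.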