Because there are multiple versions of Active Directory—and multiple configurations—we cannot guarantee this process will work for you. That said, it has proven successful for our customers who use Populi as a Service Provider and ADFS as an Identity Provider.
- In ADFS 2.0 > Service > Certificates, double-click the token signing certificate.
- Go to the Details tab and choose Copy to File.
- Choose Next, then Base-64 encoded X.509 (.CER), then Next once more. Browse to a file location and save it.
- Convert the certificate to a PEM-encoded
X509
certificate by running this script in openssl:openssl x509 -inform der -in Populi.crt -outform pem -out Populi.pem
(the exact command may vary, but it will at least resemble that).- To check if you have the correct format, view your certificate as a text file. If the first line is
-----BEGIN CERTIFICATE-----
and the last line is-----END CERTIFICATE-----
, you're in good shape!
- To check if you have the correct format, view your certificate as a text file. If the first line is
- In Populi, log in as Populi account administrator.
- Go to Account > Single Sign-On (SP).
- Under Identity Provider Certificate, click Choose File and upload the certificate you just exported from ADFS.
- Scroll to the top of the screen and click Save Settings.
0 Comments