
ADFS Autologin (legacy) in Foundation EP3

Jim_Bullen1
Champ in-the-making

Hello,

 

I am attempting to set up the legacy ADFS autologin configuration in EP3 - specifically with build 20.3.33.1000. My Unity client, Web, and AppServer are all on that build and I am using an ADFS 4.0 server. When I attempt to log in with Unity I am receiving LDAP errors in Diagnostics Console that are documented in this KB article:

https://community.hyland.com/tskb/000011000-when-attempting-to-login-to-report-services-with-adfs-au...


I realize that the version referenced is for OnBase 18 and for Report Services but the error seemed to correlate so I went looking for the System.Net.Http.dll.  It does not exist in the Unity install directory.  I have looked over my settings very thoroughly to ensure I did not miss any minor settings or casing mismatches and nothing stood out. 

 

Is this authentication method still supported in EP3 and if so is ADFS 4.0 a supported version to use? 

Thanks!

1 ACCEPTED ANSWER

AdamShaneHyland
Employee

Hi Jim. Hope all is going well.

 

While the Legacy AD FS integration is still available, the recommendation for the use of AD FS with OnBase Foundation EP1 and higher is to use the Hyland IDP.  This supports WS-FED and SAML2 authentication through a Relying Party Trust.  The Legacy AD FS integration relies on dated technology which for one doesn't support modern encryption certificates.

 

As this particular configuration was likely not tested, I would recommend submitting a Support Ticket for further investigation.

 

Best wishes.

 

 


6 REPLIES

Ryan_Wakefield
World-Class Innovator

Starting in OnBase Foundation EP1, the OnBase IdP (which was used in 18) has been replaced with the new Hyland IdP and this will be used going forward. So you will not be able to configure the OnBase IdP to work with an EP3 client. You will have to configure the Hyland IdP along with the REST API SCIM setup.

Hi Adam, thank you for the response!

 

I was able to get the WS-Fed protocol working with the Hyland IdP. Getting the legacy ADFS setup working was mostly for internal documentation purposes. I can set up an OnBase 18 environment and try to retest to see if that resolves the issue.

 

I do have one other semi-related question.  If I use SAML2 authentication for the Relying Party Trust on the ADFS server - would I configure a SAML2 or a WS-Fed provider for the Hyland IdP?  Also would you happen to have any documentation around using SAML2 with the Relying Party Trust and what gets configured for the Hyland IdP?

 

Thanks again!

Hi Jim.

 

My pleasure.

 

Something else that I was thinking, Report Service reached its end of life with version post OnBase 18 ...

 

https://community.hyland.com/blog/posts/68599-deprecation-and-end-of-life-announcement-report-servic...

 

https://community.hyland.com/customer-portal/wiki/hyland-support/hyland-softwares-onbase-module-supp...

 

You can use Reporting Dashboards in the Unity Client or the Report Viewer web app to access reports in later versions of the software.   The Unity Client supports the Hyland IDP, but I'm not certain if the Report Viewer does.

 

To your second question, if you are using a Saml2 provider from the Hyland IDP, then you would set up the AD FS Relying Party Trust as Saml2 also. Vice versa for WS-FED. Either would work for an integration with AD FS. Unfortunately I do not have any documentation available. However, the Identifier in the RPT is the Hyland IDP SAML EntityID and the Endpoints are the Saml ACS endpoints from the metadata. An easy way to configure it is to export the metadata and then use it to configure the RPT.

 

Best wishes.
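
The mapping described in the last reply (RPT Identifier = SAML EntityID, RPT Endpoints = the ACS endpoints in the exported metadata), as an added example that is not part of the original thread and is not Hyland's or Microsoft's code. The metadata document, host name and paths are constructed placeholders, and the HTTPS check is an addition a reviewer might want before importing the file.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace
NS = {"md": MD}

# Constructed sample; idp.example.test and its paths are placeholders,
# not the real Hyland IdP URLs. Export the real metadata from your IdP.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/identityprovider">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/identityprovider/saml/acs"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://idp.example.test/identityprovider/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def rpt_values_from_metadata(xml_text):
    """Return the RPT identifier, its ACS endpoints, and any problems found."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("expected a single md:EntityDescriptor document")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("metadata has no entityID")
    endpoints, problems = [], []
    path = "md:SPSSODescriptor/md:AssertionConsumerService"
    for acs in root.findall(path, NS):
        loc = acs.get("Location", "")
        endpoints.append({
            "index": int(acs.get("index", "0")),
            "binding": acs.get("Binding", "").rsplit(":", 1)[-1],
            "location": loc,
            "default": acs.get("isDefault") in ("true", "1"),
        })
        if urlsplit(loc).scheme != "https":  # added check, not from the thread
            problems.append("ACS endpoint is not HTTPS: " + loc)
    if not endpoints:
        problems.append("no AssertionConsumerService endpoints in metadata")
    return {"identifier": entity_id, "endpoints": endpoints, "problems": problems}

if __name__ == "__main__":
    print(rpt_values_from_metadata(SAMPLE_METADATA))
```
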