0 votes
in CompleteFTP by (51.4k points)
A user recently asked us if CompleteFTP's SAML feature is compatible with Microsoft's ADFS (Active Directory Federation Services - often also written as AD FS).

1 Answer

0 votes
by (51.4k points)
Best answer

The answer is yes, but keep reading...

Firstly, in version 11.0.0, you'll get an error if you try to import raw IDP metadata directly from ADFS. Version 11.1.0 should be able to handle it, but as I write this, version 11.1.0 hasn't yet been released, so if you're on version 11.0.0, you'll need to download the metadata file, open it in a text editor, and remove the nodes with the following names: ds:Signature, RoleDescriptor, SPSSODescriptor. Once you've done that you should be able to import it into CompleteFTP.

Secondly, you need to set the secure hash algorithm (advanced settings tab) to SHA1.

Thirdly, you need to tell ADFS which attribute it should send to CompleteFTP as the user-name.  To do this you have to create a claim rule with an incoming claim type of your choice (e.g. Windows account name), an Outgoing claim type of 'Name ID', an Outgoing name ID format of 'Unspecified' and Pass through all claim values selected.

For more information, please refer to this Oracle blog post, keeping in mind that the step for configuring WebLogic doesn't apply to CompleteFTP.
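The manual metadata edit described in the answer can also be scripted. The following is an added example, not part of the original answer and not EnterpriseDT code; it assumes the three node types are direct children of the root EntityDescriptor, and the sample metadata and host name are constructed.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Nodes the answer says to remove before importing into CompleteFTP 11.0.0.
DROP = {
    f"{{{NS['ds']}}}Signature",
    f"{{{NS['md']}}}RoleDescriptor",
    f"{{{NS['md']}}}SPSSODescriptor",
}

# Constructed sample shaped like ADFS federation metadata (not a real export).
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.test/adfs/services/trust">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignatureValue>AAAA</ds:SignatureValue>
  </ds:Signature>
  <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
      xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def strip_adfs_metadata(xml_data):
    """Return (cleaned_xml, removed_names) for metadata given as str or bytes."""
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)  # keep readable prefixes on output
    root = ET.fromstring(xml_data)
    removed = []
    for child in list(root):  # copy the list: we mutate root while iterating
        if child.tag in DROP:
            root.remove(child)
            removed.append(child.tag.split("}")[1])
    # Refuse to emit a file that has no IdP section left to import.
    if root.find("md:IDPSSODescriptor", NS) is None:
        raise ValueError("no IDPSSODescriptor found; is this IdP metadata?")
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    cleaned, removed = strip_adfs_metadata(SAMPLE)
    print("removed:", removed)
    print(cleaned)
```

The stripped file no longer carries the ADFS signature, so its integrity depends on how the original was obtained.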