BG09:Exostar ForumPass

From OSIS Open Source Identity Systems
Jump to: navigation, search

{{#vardefine:DtArticleSortKey|}}

Exostar ForumPass

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Exostar ForumPass}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Exostar ForumPass|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=BG09 Solution,from={{#var:page}},namespace=BG09|copy]]  [[Special:Call/DT Articles list XML,type=BG09 Solution,title={{#var:page}},namespace=BG09|as XML]]  edit
}}

{{#dpl:|debug=1|namespace={{#switch:Category|Template=Template|Category=Category|}}|skipthispage=false|category=BG09|ordermethod=sortkey|mode=inline|shownamespace=no}}

{{#if:|Solution |Solution }}   Exostar ForumPass
Identifier   bgcolor={{{color}}}}}|ExFP  
Description   bgcolor={{{color}}}}}|SharePoint collaboration site

Federation Service URI: urn:federation:TWS

Federation Server Endpoint URL: https://fp4.fsp.exostartest.com/adfs/ls/

ForumPass Application URL (for end users): https://fp4.mysite.exostartest.com/  

Product Page   bgcolor={{{color}}}}}|http://  
Project or solution logo (if different than Participant logo)   bgcolor={{{color}}}}}|
Latest Version   bgcolor={{{color}}}}}| 
Latest Release Date   bgcolor={{{color}}}}}| 
Installation/Operation Instructions   bgcolor={{{color}}}}}|ForumPass UAT Incoming Claim Configurations

The table below summarizes the claim mappings on the ForumPass side and claim combinations for access into different security profiles. A 3-rd party IDP will need to provide a set of group claims and a set of custom claims that can be mapped to the following combinations of internal FP claims in order to obtain access in to all 3 FP profiles.


Claim 1: User Principal Name

Claim 1 type: Identity Claim

Required for: Core, Sensitive Restricted

Claim 2:E-mail

Claim 2 Type:{undefined}

Required for: none

Claim 3:Credential Strength Low

Claim 3 Type: Group

Required for: Core (implied for other assurance levels)

Claim 4: Credential Strength Low Plus

Claim 4 Type:Group

Required for: Sensitive

Claim 5: Credential Strength Medium Software

Claim 5 Type: Group

Required for: Restricted

Claim 6: UK Restricted

Claim 6 Type: Custom*, Value=On

Required for: Restricted

Claim 7: SSL Protocol

Claim 7 Type: Custom*, Value=TLSv1

Required for: Restricted

* Custom claims are also known as Attribute claims.

** The presence of a stronger claim is sufficient to gain access into a lower-grade profile even if the weaker claim is not supplied.

Example: A 3-rd party IDP’s set of claims can be mapped into FP claims and profiles as follows:

Incoming Claim Incoming Claim Type Map to Claim Profile Access

Incoming Claim 1: User Principal Name

Incoming Clain Type: Identity Claim

Map to Claim: User Principal Name

Incoming Claim 2: PwdBasedAuth

Incoming Claim Type: Group

Map to Claim: Credential Strength Low

Profile Access: Core

Incoming Claim 3: CertBasedAuth

Incoming Claim Type: Group

Map to Claim: Credential Strength Low Plus

Profile Access: Core & Sensitive

Incoming Claim 4: CertBasedAuth+

Incoming Claim Type: Group+

Map to Claim: Credential Strength Medium Software +

Profile Access: Core & Senstive & Restricted

Incoming Claim 5: UK Citizen:On* +

Incoming Claim Type: Custom+

Map to Claim: UK Restricted:On* +

Profile Access: Core & Sensitive & Restricted

Incoming Claim 6: Tunnel: TLSv1*

Incoming Claim Type: Custom

Map to Claim: SSL Protocol:TLSv1*

Profile Access: Core & Sensitive & Restricted

Incoming Claim 7: CardBasedAuth

Incoming Claim Type: Group

Map to Claim: Credential Strength Medium Hardware

Profile Access: Core & Sensitive & Restricted

  • With ADFS, only the name of a Custom (Attribute) claim can be mapped but the value has to be the same as expected by the application. This makes Custom claim mappings much less flexible as the IDP has to claim the exact same value as expected by the SP.  
Operated by   bgcolor={{{color}}}}}|Exostar
Interop Roles   bgcolor={{{color}}}}}|WS-Federation Relying Party {{ #if: http:// |: http:// |}}  
  bgcolor={{{color}}}}}|{{ #if: http:// |: http:// |}}  
  bgcolor={{{color}}}}}|{{ #if: http:// |: http:// |}}  
  bgcolor={{{color}}}}}|{{ #if: http:// |: http:// |}}  

Click here for help populating this chart. {{ #if: WS-Federation Relying Party | {{#vardefine:DtArticleSortKey|}}

BG09 WS-Federation Relying Party Test List

{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|Exostar ForumPass}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Exostar ForumPass|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||

{{#ifeq:no|no||
{{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}}    list help  [[Special:Call/DT Article copy,cat=BG09_WS-Federation_Relying_Party_Test_List,from={{#var:page}},namespace=BG09|copy]]  [[Special:Call/DT Articles list XML,type=BG09_WS-Federation_Relying_Party_Test_List,title={{#var:page}},namespace=BG09|as XML]]  edit
}}
{{#if:|Tests for |Tests for }}   Exostar ForumPass
JIT Provisioning   bgcolor={{{color}}}}}|{{#dpl: |include = {BG09 Result}:outcome |title = BG09:BG09_Result-F1-rp-1-x-Exostar ForumPass |noresultsheader = Not Tested }}
Single Sign-On   bgcolor={{{color}}}}}|{{#dpl: |include = {BG09 Result}:outcome |title = BG09:BG09_Result-F1-rp-2-x-Exostar ForumPass |noresultsheader = Not Tested }}


|

}}

{{ #if: | {{#vardefine:DtArticleSortKey|}}

BG09 Test List

Template:BG09 Test List | }}

{{ #if: | {{#vardefine:DtArticleSortKey|}}

BG09 Test List

Template:BG09 Test List | }}


{{ #if: | {{#vardefine:DtArticleSortKey|}}

BG09 Test List

Template:BG09 Test List | }} {{ #if: WS-Federation Relying Party | | }} {{ #if: | | }} {{ #if: | | }} {{ #if: | | }}