3.5 Installing the AD FS Adapter OAuth
Before you install the AD FS Adapter OAuth, make sure you have the following web services installed and configured:
- ADFS Auth web service – see section 3.3, Setting up the ADFS Auth web service.
- Standalone authentication service (web.oauth2.ext) – see section 3.4, Configuring the standalone authentication service for AD FS.
You must install the AD FS Adapter OAuth on the AD FS server.
To install the adapter:
- Copy the installation program onto the AD FS server.
The AD FS Adapter installation program is provided with the MyID installation media in the following folder:
\Authentication\AD FS Adapter for MyID\
- Run the .msi installation program.
- Click Next to begin.
- Select the location for the AD FS Adapter.
By default, the AD FS Adapter is installed to the following location:
C:\Program Files\Intercede\
The installation program creates the following folders in this location:
  - ADFS_Adapter_OAuth – contains the AD FS Adapter configuration files.
  - Themes – contains the themes for the AD FS Adapter.
Note: The themes folder is shared with the AD FS Adapter Mobile, if you have it installed.
Click Next, and the Select Features screen appears.
- Select the ADFS Adapter OAuth option.
For details of using the ADFS Adapter Mobile, see the Installing the AD FS Adapter Mobile section in the Mobile Authentication guide.
Click Next, and the ADFS OAuth Server screen appears.
- Type the Server Name for your MyID standalone authentication server.
Note: Provide only the server name; do not include https:// or the path to the web.oauth2.ext service. For example:
myserver.example.com
The installation program stores the server in the Fido2AdfsAdapter.json configuration file for both the standalone authentication service and the ADFS Auth web service, automatically completing the full URL; for example:
"myidAuth": {
  "server": "https://myserver.example.com/web.oauth2.ext",
  "redirect_server": "https://myserver.example.com/AdfsAuth"
}
Click Next, and the ADFS Client Secret screen appears.
- Provide the Client Secret.
See section 3.4.1, Generating a shared secret for details of generating a shared secret and using it to secure the connection between the AD FS Adapter and the standalone authentication service.
The installation program stores this in the Fido2AdfsAdapter.json configuration file as an encrypted value:
"myidAuth": "client_secret"
Click Next, and the MyID Theme screen appears.
- In the Application box, type the display name that was provided for the Relying Party Trust for which the AD FS Adapter OAuth will provide the authentication.
To find the display name, look in the following location:
Server Manager > Tools > AD FS Management > AD FS > Relying Party Trusts > Display Name
For more information on themes, see section 3.6.3, Managing themes.
Click Next, then click Install.
- When the installation program has completed, click Finish.
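The following PowerShell check is an added example, not part of the MyID product or its documentation. It reads Fido2AdfsAdapter.json after installation and reports values that do not match the form shown in the steps above. It assumes the file is in the default ADFS_Adapter_OAuth folder and that client_secret is a key inside myidAuth; the function name Test-MyIdAdapterConfig is hypothetical.

```powershell
# Added example: sanity-check Fido2AdfsAdapter.json after installation.
# ASSUMPTIONS: default install folder; client_secret is a key inside myidAuth.
function Test-MyIdAdapterConfig {
    param(
        [string]$Path = 'C:\Program Files\Intercede\ADFS_Adapter_OAuth\Fido2AdfsAdapter.json'
    )
    if (-not (Test-Path -LiteralPath $Path)) { return "Configuration file not found: $Path" }
    $auth = (Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json).myidAuth
    if (-not $auth) { return "No myidAuth section in $Path" }

    $problems = @()
    $hosts = @{}
    # Service path expected at the end of each completed URL.
    $expected = [ordered]@{ server = '/web.oauth2.ext'; redirect_server = '/AdfsAuth' }
    foreach ($key in $expected.Keys) {
        $value = [string]$auth.$key
        $uri = $null
        if (-not [Uri]::TryCreate($value, [UriKind]::Absolute, [ref]$uri)) {
            $problems += "${key}: '$value' is not an absolute URL"
            continue
        }
        if ($uri.Scheme -ne 'https') {
            $problems += "${key}: scheme is '$($uri.Scheme)', expected https"
        }
        # Catches a completed URL that does not end in the expected service path.
        if ($uri.AbsolutePath.TrimEnd('/') -ne $expected[$key]) {
            $problems += "${key}: path is '$($uri.AbsolutePath)', expected '$($expected[$key])'"
        }
        $hosts[$key] = $uri.Host
    }
    # The installer writes one server name into both URLs, so the hosts should match.
    if ($hosts.Count -eq 2 -and $hosts['server'] -ne $hosts['redirect_server']) {
        $problems += "server and redirect_server use different hosts"
    }
    if ([string]::IsNullOrWhiteSpace([string]$auth.client_secret)) {
        $problems += "client_secret is missing or empty"
    }
    $problems
}

# Run on the AD FS server; no output means every check passed.
Test-MyIdAdapterConfig | ForEach-Object { Write-Warning $_ }
```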
3.5.1 Uninstalling the AD FS Adapter OAuth
You can uninstall the AD FS Adapter OAuth from the Apps & features section of Windows Settings; it is listed as the AD FS Adapter for MyID.
Note: Uninstalling the AD FS Adapter OAuth also uninstalls the AD FS Adapter Mobile, if you have it installed.