Active Directory Federation Services Integration Guide
Overview
Active Directory Federation Services (AD FS) is a standards-based service that securely shares identity information between applications. This documentation describes how to configure a single sign-on partnership between AD FS as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for Pivotal Cloud Foundry as the Service Provider (SP).
SSO supports service provider-initiated authentication flow and single logout. It does not support identity provider-initiated authentication flow. All SSO communication takes place over SSL.
To integrate AD FS with Pivotal Web Services (PWS), you need the following:
- PCF, version 1.7.0 or later
- Single Sign-On, version 1.1.0 or later
- Active Directory Federation Services
- Active Directory Federation Services subscription
- A user with administrative privileges
Note: To configure SAML, you must contact Pivotal to have Single Sign-On enabled for your PWS organizations through plan creation. You should be added as a plan administrator. For help configuring plans, see the Manage Service Plans topic.
Configuring AD FS with SSO
Complete both steps below to integrate your deployment with AD FS and SSO.
- Configure Active Directory Federation Services as an Identity Provider
- Configure a Single Sign-On Service Provider