Active Directory Federation Services Integration Guide Overview

Active Directory Federation Services (AD FS) is a standards-based service that securely shares identity information between applications. This documentation describes how to configure a single sign-on partnership between AD FS as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for Pivotal Cloud Foundry as the Service Provider (SP).

SSO supports service provider-initiated authentication flow and single logout. It does not support identity provider-initiated authentication flow. All SSO communication takes place over SSL.

Prerequisites

To integrate AD FS with Pivotal Web Services (PWS), you need the following:

Pivotal

  • PCF, version 1.7.0 or later

  • Single Sign-On, version 1.1.0 or later

Active Directory Federation Services

  • Active Directory Federation Services subscription

  • A user with Administrative privileges

Note: To configure SAML, you must contact Pivotal to have Single Sign-On enabled for your PWS organizations through plan creation. You should be added as a plan administrator. For help configuring plans, see the Manage Service Plans topic.

Active Directory Federation Services Integration Guide

Configuring AD FS with SSO

Complete both steps below to integrate your deployment with AD FS and SSO.

  1. Configure Active Directory Federation Services as an Identity Provider
  2. Configure a Single Sign-On Service Provider

Testing and Troubleshooting

Was this helpful?
What can we do to improve?
View the source for this page in GitHub