Part II
續Part I。Work Place Subdomain 準備就絮~開始戲肉。SAML Config。 如SalesForce一樣,大路嘅Idp(ADFS / Azure AD /G Suite / OKTA / One Login / Ping Identity)都有article講點做。基於Domain 已經係 Azure AD 上面Federated,亦即係同Office365 一樣, 會返ADFS Server 做Auth / MFA。 所以係唔需要考慮ADFS 個article 點做。
SAML configuration 唔難。基本都係兩邊資料 Copy n Paste。 但係最鑊,最怕就係兩邊各自各描述。Field名唔知邊個對邊個。
今次都係,先Configure 係Azure AD,First Try照跟Article係唔夠Parameters
大路照跟可以,但係留意以下Step3 >>>>>> 跟Azure咁做係誤以為夠。第一唔清楚咩係Identifier。跟Azure Article 咁做係唔夠,Sequence亦唔啱。 第一唔清楚咩係Identifier。。。。亦要Tick “Show advanced URL settings”嘅CheckBox
係要返WorkPlace, Dashboard,Authentication,係SAML Authentication 呢個Page 下面嘅Info
Azure “Identifier” = WorkPlace “Audience URL” >>> “https://www.facebook.com/company/15digitvalue”
Azure “Reply URL” = WorkPlace “ACS (Assertion Consumer Service) URL” >>> “https://domain.facebook.com/work/saml.php”
Confusing Sample from Azure
3. On the Workplace by Facebook Domain and URLs section, perform the following steps:
a. In the Sign-on URL textbox, type a URL using the following pattern: https://<instancename>.facebook.com
b. In the Identifier textbox, type a URL using the following pattern: https://www.facebook.com/company/<instancename>
係Azure做完上半,噉Save。 再Scroll Down落下面噉”Configure Workplace by Facebook”。 接落嚟嘅Information要放返落WorkPlace嘅Authentication Page。
WorkPlace呢邊係兩個URL相對容易啲啲,不係啲名都係唔match
Azure “Azure AD Single Sign-On Service URL” >>> WorkPlace “SAML URL”
Azure “Azure AD SAML Entity ID” >>> WorkPlace “SAML Issuer URI”
最後當然係Paste 返係Azure Download 嘅Signing Cert落去。 先去噉”Test SSO”。先會Pass 個Test Auth。
Cont’d @ Part III
Reference Link
https://developers.facebook.com/docs/workplace/authentication/sso