Introduction to ADFS

It is recommended to be familiar with ADFS prior to the setup with Trax 

For more information view https://msdn.microsoft.com/en-us/library/bb897402.aspx?f=255&MSPPError=-2147217396

​

Prerequisites 

1. Install ADFS Role Service 

    https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/deployment/install-the-ad-fs-role-service​

 

2. Deploying a Federation Server Farm

    https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/deployment/deploying-a-federation-server-farm

 

Trax Authentication Configuration

When the ADFS is configured and ready, pleas perform the following steps to configure the integration with Trax:

1. Safe the ADFS Transform Rules to a filename "Issuance-Transform-Rules.txt"​​:
   
   @RuleTemplate="LdapClaims"
   @RuleName = "ldap attr"
   c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
   = > issue(store = "Active Directory", types = ("email", "user_name", "display_name"), query = ";mail,userPrincipalName,displayName;{0}", param = c.Value);
    

2. Execute the following windows powershell commands:

   1. Add ADFS Client:
      
      Add-AdfsClient -Name "TraxImageRecognition" -ClientId "1adb656e-79d6-4a08-ad7f-448b0484ca44" -RedirectUri @("https://services.traxretail.com/auth/v3/oauth2callback/", "https://services-int.trax-cloud.com/auth/v3/oauth2callback/", "https://services-int.trax-cloud.com/auth/v4/oauth2callback/"," https://services-int.traxretail.com/auth/v4/oauth2callback/") -Description "OAuth 2.0 client for Trax Image Recognition"
      ​

   2. Add Relying Party Trust:
      
      Add-AdfsRelyingPartyTrust -Name "TraxImageRecognition" -Identifier https://services.traxretail.com -IssueOAuthRefreshTokensTo AllDevices -EnableJWT $true -IssuanceTransformRulesFile "Issuance-Transform-Rules.txt"