ADFS Setup Instructions
Introduction to ADFS
It is recommended that you be familiar with ADFS before setting up the integration with Trax.
For more information, see https://msdn.microsoft.com/en-us/library/bb897402.aspx?f=255&MSPPError=-2147217396
Prerequisites
1. Install ADFS Role Service
2. Deploying a Federation Server Farm
Trax Authentication Configuration
When ADFS is configured and ready, please perform the following steps to configure the integration with Trax:
- Save the ADFS Transform Rules to a file named "Issuance-Transform-Rules.txt":
@RuleTemplate="LdapClaims"
@RuleName = "ldap attr"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("email", "user_name", "display_name"), query = ";mail,userPrincipalName,displayName;{0}", param = c.Value);
- Execute the following Windows PowerShell commands:
- Add ADFS Client:
Add-AdfsClient -Name "TraxImageRecognition" -ClientId "1adb656e-79d6-4a08-ad7f-448b0484ca44" -RedirectUri @("https://services.traxretail.com/auth/v3/oauth2callback/", "https://services-int.trax-cloud.com/auth/v3/oauth2callback/", "https://services-int.trax-cloud.com/auth/v4/oauth2callback/", "https://services-int.traxretail.com/auth/v4/oauth2callback/") -Description "OAuth 2.0 client for Trax Image Recognition"
- Add Relying Party Trust:
Add-AdfsRelyingPartyTrust -Name "TraxImageRecognition" -Identifier https://services.traxretail.com -IssueOAuthRefreshTokensTo AllDevices -EnableJWT $true -IssuanceTransformRulesFile "Issuance-Transform-Rules.txt"
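A post-configuration check for the client and relying party trust created above, as an added example that is not part of the original instructions or of Trax's own tooling. The function name Test-TraxAdfsConfig and the sample objects are constructed for illustration; the property names are those returned by Get-AdfsClient and Get-AdfsRelyingPartyTrust.

```powershell
# Added example, not from the original instructions. Test-TraxAdfsConfig is a hypothetical
# helper that inspects Get-AdfsClient / Get-AdfsRelyingPartyTrust style objects.
function Test-TraxAdfsConfig {
    param([Parameter(Mandatory)] $Client, [Parameter(Mandatory)] $RelyingParty)
    $findings = @()
    foreach ($uri in $Client.RedirectUri) {
        # A registered value with stray whitespace is not the URI the client sends.
        if ($uri -ne $uri.Trim()) {
            $findings += "Redirect URI has leading/trailing whitespace: '$uri'"
        }
        $parsed = $null
        $ok = [Uri]::TryCreate($uri.Trim(), [UriKind]::Absolute, [ref]$parsed)
        if (-not $ok -or $parsed.Scheme -ne 'https') {
            $findings += "Redirect URI is not an absolute https URL: '$uri'"
        }
    }
    if ($RelyingParty.Identifier -notcontains 'https://services.traxretail.com') {
        $findings += 'Relying party identifier does not match the documented value'
    }
    if (-not $RelyingParty.EnableJWT) {
        $findings += 'EnableJWT is not set on the relying party trust'
    }
    if ("$($RelyingParty.IssueOAuthRefreshTokensTo)" -ne 'AllDevices') {
        $findings += 'IssueOAuthRefreshTokensTo differs from the documented AllDevices'
    }
    $rules = [string]$RelyingParty.IssuanceTransformRules
    if ($rules -notmatch '=>\s*issue\(') {
        $findings += 'Issuance transform rules contain no "=> issue(...)" statement'
    }
    foreach ($claim in 'email', 'user_name', 'display_name') {
        if ($rules -notmatch [regex]::Escape('"' + $claim + '"')) {
            $findings += "Issuance transform rules do not issue claim '$claim'"
        }
    }
    return $findings
}

# Constructed sample objects (not real server data); the second URI carries a leading space.
$sampleClient = [pscustomobject]@{ RedirectUri = @(
    'https://services.traxretail.com/auth/v3/oauth2callback/',
    ' https://services-int.traxretail.com/auth/v4/oauth2callback/') }
$sampleRp = [pscustomobject]@{
    Identifier = @('https://services.traxretail.com'); EnableJWT = $true
    IssueOAuthRefreshTokensTo = 'AllDevices'
    IssuanceTransformRules = 'c:[Type == "x"] = > issue(types = ("email", "user_name", "display_name"));'
}
Test-TraxAdfsConfig -Client $sampleClient -RelyingParty $sampleRp
# On the ADFS server, pass the live objects instead:
# Test-TraxAdfsConfig (Get-AdfsClient -Name 'TraxImageRecognition') (Get-AdfsRelyingPartyTrust -Name 'TraxImageRecognition')
```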