To enable Single Sign-On (SSO) with ADFS from a Linux (RHEL 8) workstation, the web side of the login is handled with SAML: ADFS acts as the identity provider and the workstation's web server acts as the SAML service provider. Since you've already configured SSSD and PAM for user authentication, the main remaining task is to set up SAML authentication against ADFS. Here's a high-level overview of the steps you need to follow:
Install and Configure SAML Authentication Software:
You need to install a SAML client library and configure it to work with your ADFS server. The most commonly used library is mod_auth_mellon for Apache. If you're using a different web server or application, there might be alternative libraries or configurations.
Install mod_auth_mellon:
sudo dnf install mod_auth_mellon
Configure mod_auth_mellon:
Edit the mod_auth_mellon configuration file. This file may be located at /etc/httpd/conf.d/mellon.conf:
sudo nano /etc/httpd/conf.d/mellon.conf
Here's a basic configuration:
<Location /your-sso-endpoint>
    # Protect this location with Mellon (SAML) authentication
    MellonEnable "auth"
    AuthType "Mellon"
    Require valid-user
    # Service-provider key pair used to sign requests and decrypt assertions;
    # the private key must be readable only by the httpd user
    MellonSPPrivateKeyFile /etc/httpd/sso/your-sp-key.key
    MellonSPCertFile /etc/httpd/sso/your-sp-cert.crt
    # ADFS federation metadata: supplies the IdP signing certificate
    # that Mellon uses to verify assertion signatures
    MellonIdPMetadata /etc/httpd/sso/adfs-metadata.xml
    MellonEndpointPath /your-sso-endpoint
    # Claim whose value becomes the authenticated user name
    MellonUser "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
    # Send the session cookie only over HTTPS
    MellonSecureCookie On
</Location>
Modify the paths and options according to your setup.
Download ADFS Metadata:
Download the ADFS metadata XML file and place it in the location specified in the Mellon configuration. You can usually access the metadata via a URL like
https://your-adfs-server/FederationMetadata/2007-06/FederationMetadata.xml.
Enable and Start Apache:
Enable and start the Apache web server, which is configured to use mod_auth_mellon.
sudo systemctl enable httpd
sudo systemctl start httpd
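Before pointing MellonIdPMetadata at the downloaded file, it is worth checking that it really is ADFS IdP metadata carrying a signing certificate, since that certificate is what mod_auth_mellon uses to verify assertion signatures. The checker below is an added example, not part of mod_auth_mellon or ADFS; the entity ID, endpoint URLs and the tiny DER blob in the embedded sample are constructed placeholders.

```python
"""Sanity-check ADFS federation metadata before using it as MellonIdPMetadata."""
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def check_idp_metadata(xml_text, expected_entity_id):
    """Return a list of problems; an empty list means the file looks usable."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return ["root element is not md:EntityDescriptor"]
    if root.get("entityID") != expected_entity_id:
        problems.append("entityID %r != expected %r"
                        % (root.get("entityID"), expected_entity_id))
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["no IDPSSODescriptor: this is not IdP metadata"]
    # A KeyDescriptor without a 'use' attribute is valid for signing too.
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            der = base64.b64decode("".join(c.text.split()))
            if not der.startswith(b"\x30"):  # DER SEQUENCE tag expected
                problems.append("signing certificate is not DER-encoded X.509")
            certs.append(der)
    if not certs:
        problems.append("no signing certificate: assertions cannot be verified")
    sso = idp.findall("md:SingleSignOnService", NS)
    if not {s.get("Binding") for s in sso} & {REDIRECT, POST}:
        problems.append("no HTTP-Redirect or HTTP-POST SingleSignOnService")
    for s in sso:
        if not s.get("Location", "").startswith("https://"):
            problems.append("SSO endpoint is not https: %s" % s.get("Location"))
    return problems


# Constructed sample: minimal ADFS-style metadata with a placeholder DER blob.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
 entityID="http://adfs.example.test/adfs/services/trust"><IDPSSODescriptor>
<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data><X509Certificate>MAMCAQE=</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
 Location="https://adfs.example.test/adfs/ls/"/></IDPSSODescriptor></EntityDescriptor>"""

if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE, "http://adfs.example.test/adfs/services/trust"))
```

Run it against the real FederationMetadata.xml with your ADFS entity ID; any non-empty result means the file should not be installed as MellonIdPMetadata yet.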