Installation
Pre-requisite
- Launch the ADFS Plugin Inline setup by running the file IDS.IDComplete.ADFSPluginInline-XXXX-x64.msi. Accept the license terms and choose Complete for the installation type.
- After installing the ADFS plugin, open the Registry Editor at the following path: [HKEY_LOCAL_MACHINE\SOFTWARE\IDGlobal]. Grant "Full control" access rights on the registry key IDComplete ADFS Plugin Inline to the service account that runs the ADFS service.
- Open a File Explorer window and navigate to %ALLUSERSPROFILE%. Give "Full control" access rights to the folder IDGlobal for the ADFS service account.
- Restart the Active Directory Federation Services service.
Configuring Plugins Settings
Plugin settings are edited with the IDComplete ADFS Plugin Inline Configurator:
%PROGRAMFILES%\IDGlobal\IDComplete ADFS Plugin Inline\IDS.IDComplete.ADFSPluginInlineConfigurator.exe
Plugin settings are stored in the Registry folder as below:
[HKEY_LOCAL_MACHINE\SOFTWARE\IDGlobal\IDComplete ADFS Plugin Inline].
Connectivity Parameters
CAUTION
Use HTTPS for all URIs, because authID requires HTTPS connectivity. Replace localhost with the SaaS domain for the authID service: id.authid.ai.
Parameter | Default Value | Description |
---|---|---|
BioWeb URI | | Network address (URL) of the Bio Web Application. Use https://id.authid.ai |
Administration service URI | localhost | Network address (URL) of the IDComplete Backend Administration Service (REST interface) |
Customer name | | Administrative User Login or API key ExternalId |
Customer password | | Administrative User Password or API key Value |
AllowBypassOfflineServices | False | Bypass second-factor authentication if IDComplete services are offline |
SecurityProtocols | True for all (SSL3, TLS, TLS11, & TLS12) | Supported channel security protocols |
NOTE
After the CustomerPassword parameter is set, the next time the ADFS plugin starts it encrypts the value, writes it to the CustomerEncryptedPassword parameter, and deletes the CustomerPassword parameter.
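The CAUTION and NOTE above describe conditions that can be checked on the server. The following PowerShell is an added example, not part of the vendor documentation: it reads the plugin's registry key and reports plain-HTTP or localhost URIs, a leftover plaintext CustomerPassword, and an enabled AllowBypassOfflineServices. It assumes the registry value names match the parameter names used on this page; the sample data is constructed.

```powershell
# Added example: read-only audit of the plugin's stored settings.
# Assumption: registry value names match the parameter names used on this page.
$PluginKey = 'HKLM:\SOFTWARE\IDGlobal\IDComplete ADFS Plugin Inline'

function Test-PluginSettings {
    param([hashtable]$Settings)          # registry value name -> value data
    $findings = @()
    foreach ($name in $Settings.Keys) {
        $value = [string]$Settings[$name]
        # CAUTION above: every URI must be HTTPS and must not be left on localhost.
        if ($value -match '^http://') {
            $findings += "${name}: plain HTTP URI ($value)"
        }
        if ($value -match '^(https?://)?localhost([:/]|$)') {
            $findings += "${name}: still set to localhost"
        }
    }
    # NOTE above: the plaintext value is deleted once the plugin has started.
    if ([string]$Settings['CustomerPassword'] -ne '') {
        $findings += 'CustomerPassword: plaintext value present; plugin has not started since it was set'
    }
    # Fail-open switch: second factor is bypassed when IDComplete services are offline.
    if ([string]$Settings['AllowBypassOfflineServices'] -match '^(true|1)$') {
        $findings += 'AllowBypassOfflineServices: enabled (second factor bypassed when services are offline)'
    }
    $findings
}

# Constructed sample; value names other than those on this page are hypothetical.
$sample = @{
    ExampleBioWebUri           = 'https://id.authid.ai'
    ExampleAdminServiceUri     = 'http://localhost:8080/'
    CustomerPassword           = 'constructed-placeholder'
    AllowBypassOfflineServices = 'True'
}
Test-PluginSettings $sample

# On the ADFS server: load the live values from the registry and audit them.
if (Test-Path $PluginKey) {
    $regKey = Get-Item -Path $PluginKey
    $live = @{}
    foreach ($n in $regKey.GetValueNames()) { $live[$n] = $regKey.GetValue($n) }
    Test-PluginSettings $live
}
```

An empty result means none of the four conditions was found; the constructed sample produces four findings.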
Inline Authentication Parameters
INFO
A custom operation must be available to control the behavior of the plugin. Check the available operations by using the GetCustomOperations API endpoint.
Parameter | Default Value | Description |
---|---|---|
Custom operation name | | Custom operation name to be invoked |
Account operation parameter name | Text | Custom operation parameter name used for sending account name |
Operation or transaction timeout (sec) | 180 | |
Delay before submit page (sec) | 5 | The delay between showing the Bio-Web application result and sending it to the ADFS Plugins Inline. |
Allow self-enrollment biometry | False | Allows biometric credentials to be created when none exist. |
Show final page | True | Flag determines whether or not to display a successful authentication page. |
Logging Parameters
Parameter | Value | Description |
---|---|---|
Log file path | c:\ProgramData\IDGlobal\IDComplete ADFS Plugin Inline\Logs\IDS.IDComplete.ADFSPluginInline.log | ADFS plugin log file path |
Log file path | ERROR | Logging level (OFF, FATAL, ERROR, WARN, INFO, DEBUG, ALL) |
After changing any plugin parameter and pressing "OK", a dialog prompts the user to restart the ADFS service.