Akamai Technologies
  • Product docs
  • API docs
  • Release notes
  • Community
Use other third party identity providers (IdP) for authentication and EAA as service provider (SP)>Integrate Active Directory Federation Service (AD FS)>Enable encrypted SAML responses between EAA and AD FS
Enterprise Application Access
  • Welcome to Enterprise Application Access
  • How EAA works
    • The service architecture
  • Quick start guide
    • Feature previews
    • Control Center
      • Access the EAA Management Portal from Control Center
    • Role-based access control for EAA administrators
      • Create a custom role on Control Center
      • Add a user to a role on Control Center
    • Connectors
      • Connector installation requirements
      • Connector-to-VM and cloud platform compatibility matrix
      • Create and download a connector in EAA
      • Install and approve a connector in a virtual environment
        • Install a connector in a VMware environment
          • Install the VMware connector
          • Deploy a VMware vSphere Client using ESX or ESXi versions earlier than 6.5
          • Deploy a VMware vSphere Client using ESX or ESXi version 6.5 or later
            • Troubleshoot the VMware ESXi error: Failed to deploy VM: postNFCData failed
            • Troubleshoot the VMware ESXi error: VMware ESXi Embedded Host Client compressed disk image error
      • Configure networks with the connector VM console menu
        • Assign a static IP address to a connector from the connector console
        • Configure a DHCP address for a connector
        • Configure a DNS server for a connector
        • Check connector connectivity in the connector console
        • Accelerate connector connectivity time with the cloud
        • Configure a forward proxy server for a connector
        • Enable or disable remote debugging from a connector console
      • Install a connector in an OpenStack environment
      • Install a connector in a Microsoft Hyper-V environment
      • Install a connector in a Microsoft Azure environment
        • Verify that the connector was successfully created in Microsoft Azure
      • Install a connector in Amazon Web Services
        • Troubleshoot an Amazon Web Services connector
      • Install a Docker-based connector
      • Install a connector in a Google Cloud Platform environment
      • Common reasons for connector check-in failure
      • Associate a connector with an application
      • Add several connectors to an application for high availability
      • Rename a connector
      • Security update for connectors
        • Connector health monitoring
        • Directories
          • Directory server certificate validation rules and use cases
          • Add or edit a directory
          • Add users to the cloud directory
          • Activate a user's account from a cloud directory
          • Add or remove users from the Cloud Directory admins group
          • Overlay groups
            • Create an overlay group
            • Add users to an overlay group
          • Search EAA for a directory user, group, or organizational unit
          • Sync users, groups, or organizational units in the EAA directory
          • Sync universal groups and users in a multi-domain Active Directory
          • Password complexity for end users in the Login Portal
            • Password character restrictions
            • Manage password complexity for the Login Portal from the Active Directory (AD)
        • Identity and identity providers
          • Add a new identity provider
          • Add a directory to an identity provider
          • Assign identity providers to an application
          • Deploy the identity provider
          • Identity provider health and deployment status
            • Troubleshoot IdP configuration errors from the IdP deployment status page
            • Troubleshoot IdP configuration errors from the application deployment status page
          • Change the identity provider session settings for an end user
          • Change the expiry timeout for end-user sessions
        • SAML
          • SAML flows
          • EAA as the SAML identity provider
            • Configure EAA as the IdP for a custom SaaS application
              • Set up Atlassian applications as the SP and EAA as the IdP
              • Set up Cisco WebEx Spark as the SP and EAA as the IdP
              • Set up GitHub Enterprise as the SP and EAA as the IdP
              • Set up Google G Suite as the SP and EAA as the IdP
              • Set up Meraki as the SP and EAA as the IdP
              • Set up O365 as the SP and EAA as the IdP
              • Set up Salesforce as the SP and EAA as the IdP
              • Set up ServiceNow as the SP and EAA as the IdP
              • Set up ShareFile as the SP and EAA as the IdP
              • Set up Slack as the SP and EAA as the IdP
              • Set up Tableau as the SP and EAA as the IdP
              • Set up Zendesk as the SP and EAA as the IdP
            • SAML IdP with Microsoft enhanced client or proxy
              • Configure Microsoft enhanced client or proxy in a SaaS application
            • Configure SAML for an Access application
        • OpenID Connect
          • OpenID Connect concepts and terms
          • Supported OpenID Connect specifications
          • OpenID Connect parameters for an application
            • Configure OpenID Connect for a SaaS application
            • Configure OpenID Connect for an Access Application
        • Web Services Federation
          • Configure EAA as the STS provider to access a SaaS application
          • Configure WS-Federation for an access application
        • Block and unblock users from accessing applications
          • Block users from accessing applications associated with an identity provider
          • Unblock users from accessing application associated with an identity provider
          • Block user from a directory associated with a third party identity provider.
            • Unblock users in the third party IdP
          • Use other third party identity providers (IdP) for authentication and EAA as service provider (SP)
            • Integrate with Azure Active Directory
              • Integrate Active Directory Federation Service (AD FS)
                • Send simple LDAP attributes from AD FS to EAA
                  • Add AD FS as an identity provider in EAA
                  • Setup relying party trust in AD FS
                  • Use claims to send LDAP attributes from AD FS to EAA
                  • Upload AD FS metadata to EAA IdP
                  • Verify application user's email is sent from AD FS to EAA
                • Send complex attributes like group membership from AD FS to EAA
                  • Add AD FS as an identity provider in EAA
                  • Setup relying party trust in AD FS
                  • Use custom claim description for sending group membership from AD FS to EAA
                  • Upload AD FS metadata to EAA IdP
                  • Verify AD FS group membership is sent from AD FS to EAA
                • Enable signed SAML requests between EAA and AD FS
                  • Configure EAA for signed SAML requests
                  • Configure AD FS for signed SAML requests
                • Enable encrypted SAML responses between EAA and AD FS
                  • Configure EAA to send encrypted SAML responses
                  • Configure AD FS for sending encrypted SAML responses
              • Integrate Okta
                • Authenticate user access to applications with OneLogin
              • User attributes
                • Create user attributes in EAA
                • Map user attributes of the directory
                • Perform a manual directory sync in EAA
                • Map custom LDAP user and group attributes to the EAA directory
              • Single sign-on (SSO) authentication
                • Use single sign-on (SS0) authentication for Atlassian Confluence
                • Use single sign-on (SSO) authentication for Atlassian JIRA
                • Configure single sign-on (SSO) for Jenkins using HTTP headers
              • Desktop single sign-on authentication
                • Add IWA workflow to an Akamai IdP
                  • User agent strings
                  • Description of use IWA parameter used in Integrated Windows Authentication settings
                • Configure automatic logon with Kerberos on end-user's machine for Akamai IdP
                • Configure EAA and Active Directory controller to use desktop SSO for IdP
                • Troubleshooting IWA
                  • Troubleshooting issues in IWA
                  • Troubleshooting HTTP response error codes
              • Multi-factor authentication
                • Enable a global multifactor authentication policy for Login Portal users
                • Enable or disable multi-factor authentication for each application
                • Enable or disable multi-factor authentication for each directory or certain groups
                • Bypass MFA
                  • Configure bypass MFA criteria for an Akamai identity provider
                • Enable or disable multi-factor authentication for each application
                • Authenticate with recovery code instead of using MFA for an application
                  • Install a time-based one-time password applications on a mobile device
                  • Enable two-factor authentication for admin users
                  • Reset the onetime password for a user
                  • Customize the organization name in email and SMS MFA token notifications
                  • Akamai MFA two-factor authentication
                    • Duo Security two-factor authentication
                      • Retrieve information from Duo Security
                      • Configure Duo Security in EAA
                    • Confirm users can receive multi-factor authentication notifications
                    • Payment Card Industry Data Security Standard (PCI DSS) compliant mode for MFA
                      • When to use different types of MFA
                      • Enable a global PCI DSS compliant MFA for Login Portal users
                  • Certificates in EAA
                    • Add a certificate to EAA
                    • Upload a ROOT CA certificate for origin server validation
                    • Associate a certificate for using your own domain for your application
                    • Remove a self-signed certificate
                    • Check the expiration date of an SSL certificate
                    • Certificate rotation
                      • Certificate-based authentication in the IdP
                        • Online certificate status protocol (OCSP)
                        • Certificate-based device authentication or user validation in the application
                        • Certificate-based validation of origin servers
                        • Applications
                          • Add an application to EAA
                          • Configure access parameters for an application
                          • Deploy the application
                          • Application configuration versioning and rollback
                            • Assign a directory to an application
                            • Access an application in the EAA Management Portal
                            • Log in and access applications in the Login Portal
                            • Use EAA application portal with third party IdP and allow users to access applications
                            • Offload web application traffic from EAA cloud
                              • Add public IP gateways to an IdP
                              • Enable on premise end users to web access applications bypassing the EAA Cloud
                            • Application groups for rewrite rules
                              • Create application groups for rewrite rules
                            • Single Host Access for access applications
                              • Configure single host access and application groups for accessing HTTP Access applications
                            • Set up a CNAME redirect for an application
                          • Remote desktop protocol applications
                            • Configure and deploy a remote desktop (RDP) application
                            • Maximum resolution for an RDP session in EAA
                            • Configure the initial setup for an RDP application
                            • Enable single sign-on auto-login for RDP applications
                            • Connect a Microsoft Windows server to an RDP application
                            • Access the remote desktop application
                            • Configure RDP client display settings
                            • Upload files to the RDP portal
                            • Download files from the RDP Portal
                          • SSH applications
                            • Configure and deploy a SSH application
                            • Enable SSH auditing
                          • Set up services for an application
                            • Disable data compression
                            • Access control rules
                              • Create and edit access control rules
                              • Disable or delete access control rules
                              • Use control traffic shortcut in application card to configure access control rules
                            • URL rewrite rules
                              • Configure URL rewrite rules
                              • Content type rewrite reference table
                            • Internet Content Adaptation Protocol
                              • Configure lCAP for an application
                            • URL path-based policies
                              • Configure URL path-based policies for an application
                              • Point users to a specific URL to log out
                          • Set up advanced settings for an application
                            • Hide an application in the Login Portal from end-users
                            • Enable WebSockets for an EAA application
                            • Forward Kerberos ticket-granting ticket to application
                            • Configure SAML single log out
                            • User-facing authentication mechanism for applications
                              • Configure the user-facing authentication mechanism
                            • Multiple failed login attempts
                              • Set a temporary lockout for multiple failed login attempts
                            • Server load balancing for applications and connectors
                              • Configure server load balancing for applications and connectors
                              • Enable load balancing for several application servers
                            • Custom HTTP headers
                              • Configure custom HTTP headers
                            • Configure HSTS for an application
                            • Kerberos-constrained delegation
                              • Add a keytab for Kerberos-constrained delegation
                              • Interact with a keytab card
                            • Change an EAA application server read timeout setting
                            • Configure TLS Cipher Suite for applications
                          • Login Portal customization
                            • Application categories
                              • Create an application category
                              • Assign a category to an application
                              • Edit or remove an application category assignment
                            • Add logos and images to the Login Portal login page
                            • Configure, enable, or reset a color theme for the Login Portal
                              • Preview a Login Portal color theme
                            • Customize the password reset URL and new user sign up URL for the Login Portal
                            • Login Portal languages
                              • Configure the Login Portal language and other user interface characteristics
                            • Customize the labels for the password reset and new user sign up links for the Login Portal
                            • Customize the message to be sent to the administrator for obtaining recovery code in the Login Portal
                            • Customize the Login Portal tab name in the browser
                            • Enable iFrame embedding for the Login Portal login page
                            • Create favorite applications in the EAA Login portal
                              • Add the favorite icon to all applications associated with an identity provider
                              • Add favorite icon to all applications associated with third-party identity provider
                              • Move applications to favorites section in Login portal
                              • Remove applications from favorites section in Login portal
                          • View EAA dashboard
                            • Check EAA health, application and user statistics, login failures, geographical locations of users, active sessions created by unique users and obtain reports
                          • Reports
                            • Create a preset report
                            • Create an application report
                            • Create an Admin Event report
                            • Create an SSH audit report
                            • Save a report
                            • Download a saved report
                          • User Diagnostics portal
                            • Using the User Diagnostics portal
                            • Use cases solved with User diagnostics portal
                          • Troubleshooting overview and tips
                            • Application response codes, login events, and errors
                              • Troubleshoot error code: 549 Authentication Gateway Error
                            • Set up an EAA admin help desk email address
                            • Service/debug mode
                              • Enable service/debug mode
                            • Troubleshoot connectors
                              • Enable or disable remote debugging for a connector
                              • Troubleshoot an unreachable connector
                              • Test connector connectivity to applications with troubleshooting tools
                                • Run a connector troubleshooting utility
                              • Self-upgrade of EAA connectors
                              • Gather a Fiddler trace
                            • Troubleshoot directories
                              • Test connectivity between the directory and connector
                              • Review directory diagnostics and domain information
                              • Check the user’s login credentials for the Login Portal
                              • Troubleshoot unable to add a new user to the Cloud Directory
                            • Troubleshoot applications
                              • Troubleshoot application deployment
                              • Troubleshoot application connectivity
                              • Troubleshoot application access denied
                              • Troubleshoot application links not working
                              • Troubleshoot receiving a password prompt for every application link
                              • Delete an EAA IdP or group from an application
                              • Troubleshoot access to a Kerberized application
                              • Troubleshoot page not working issues
                            • Troubleshoot certificates
                              • Troubleshoot certificate issues with Mozilla Firefox
                              • Troubleshoot access to applications secured with EAA through Chrome that are accessed with Safari and Firefox
                          • Install EAA-SDK
                          • Extract EAA-SDK documentation from download URL
                          • Generate an API key
                          • Delete the EAA-SDK API credentials
                          • Integrate Splunk
                          • Integrate EAA with Kona Site Defender and Akamai Ion
                          • Notice

                          Enable encrypted SAML responses between EAA and AD FS

                          To enable communication with encrypted SAML responses, configure both EAA and AD FS. This is an optional configuration.
                          • Configure EAA to send encrypted SAML responses
                          • Configure AD FS for sending encrypted SAML responses
                          Learn more
                          • Configure EAA to send encrypted SAML responses
                          • Configure AD FS for sending encrypted SAML responses

                          Search Results

                          Close
                          • Akamai.com
                          • Contact us
                          • Legal & privacy
                          • Portal terms of use
                          • Copyright © Akamai Technologies, Inc. All rights reserved