Akamai Technologies
Enterprise Application Access

Enable encrypted SAML responses between EAA and AD FS

To enable communication with encrypted SAML responses, configure both EAA and AD FS. This is an optional configuration.
  • Configure EAA to send encrypted SAML responses
  • Configure AD FS for sending encrypted SAML responses