KB_170044: How to release attributes from Active Directory when authenticating with IDENTIKEY Federation Server (IFS) and IDENTIKEY Authentication Server (IAS)
5/12/2017 12:13:03 PM
A customer may want an attribute, for example the email attribute, released from Active Directory after a successful authentication from IFS to IAS. This article describes how to configure this, using the IFS built-in userpage with RADIUS authentication to IAS as the example.
1. Create RADIUS Authentication profile in IFS
In the IFSM, select Authentication => Manage methods.
Edit and configure RADIUS authentication with the IP address of the IAS.
Enable “Allow user attribute gathering”.
2. Register the test application in IFS
In the IFSM, select Applications => Add application.
Application type: Select Generic A-Select application.
Selected profiles: Radius Authentication.
Certificate import method: Select Import server certificate
Server address: Use https://localhost/
3. Configure LDAP
In the IFSM, select Authentication => LDAP Settings.
Enable the option and configure LDAP:
Save and click Restart once the profile is completed.
Please note that once you activate LDAP, IFS will always check whether the user exists in Active Directory before it forwards the authentication to IAS. If the user does not exist in Active Directory, the authentication will not be forwarded to IAS.
To synchronize Active Directory users with IAS, the LDAP sync tool delivered with IAS can be used.
4. Create a client component in IAS
In the IAS webadmin, select Clients => Register.
Location: IP of IFS
Fill in the Shared Secret as entered in the RADIUS Authentication profile of IFS.
5. Configure attributes on the userpage application
In the IFSM, select Applications => userpage.
Add the “mail” attribute:
6. Test with user “vasco2” on the userpage
Also check that the user “vasco2” exists in IAS.
Log in to the userpage https:///ifs/sso/user with the One Time Password.
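A pre-flight check for steps 3 and 6, added here as an example (it is not VASCO code): it parses LDIF exported from Active Directory and reports whether the test user exists and has a “mail” value that can be released. The directory entries are constructed sample data, and matching the login name on sAMAccountName is an assumption, since this article does not state which attribute IFS searches on.

```python
import base64

# Constructed sample data in LDIF form (the format `ldapsearch -LLL` prints).
# DNs, users other than vasco2, and mail addresses are made up for this example.
SAMPLE_LDIF = """\
dn: CN=vasco2,OU=Test Users,DC=example,DC=com
sAMAccountName: vasco2
mail: vasco2@exam
 ple.com

dn: CN=vasco3,OU=Test Users,DC=example,DC=com
sAMAccountName: vasco3
mail:: dmFzY28zQGV4YW1wbGUuY29t

dn: CN=vasco4,OU=Test Users,DC=example,DC=com
sAMAccountName: vasco4
"""

def parse_ldif(text):
    """Return a list of entries, each a dict: lowercase attribute -> list of values."""
    lines = []
    for raw in text.splitlines():
        # A line starting with one space continues the previous line (LDIF folding).
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:              # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):
            name, _, rest = line.partition(":")
            if rest.startswith(":"):       # "attr:: value" carries base64 data
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            current.setdefault(name.lower(), []).append(value)
    return entries

def preflight(ldif_text, username, login_attr="samaccountname", wanted="mail"):
    """Return (status, values); login_attr is an assumption, not taken from IFS."""
    matches = [e for e in parse_ldif(ldif_text)
               if username.lower() in (v.lower() for v in e.get(login_attr, []))]
    if not matches:
        return ("no-user", None)    # per step 3, IFS does not forward to IAS
    if len(matches) > 1:
        return ("ambiguous", None)  # more than one entry matches the login name
    values = [v for v in matches[0].get(wanted, []) if v]
    return ("ok", values) if values else ("no-attribute", None)
```

A “no-user” result corresponds to the case described in step 3, where the authentication is never forwarded to IAS; “no-attribute” means the login can succeed but there is no “mail” value to release.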
Applies to: IDENTIKEY Federation Server
KB 170044 – 12/05/2017
© 2017 VASCO Data Security. All rights reserved.