This tutorial walks you through setting up an integration between ADFS and KnowledgeOwl using SAML 2.0.

  1. First, choose the Knowledge Base you would like to integrate with, then go to "Settings" > "Security", where you will see several fields under the heading SAML SSO Integration. Check "Enable SAML SSO" and Save.
  2. On your Windows server, find and open AD FS 2.0 Management (commonly found in the Start menu under Administrative Tools).
  3. Once you have opened ADFS Management, go to "Action" -> "Edit Federation Service Properties".
  4. Copy the link that is displayed under "Federation Service identifier" and paste it into KnowledgeOwl under "iDP entityID".

  5. For most ADFS builds, the "Login URL" and the "Logout URL" will be the base URL of the "iDP entityID" with "/adfs/ls/" as the endpoint instead of "/adfs/services/trust". If this is not true for your setup, you will need to locate the URL that your ADFS setup uses for authentication.  
  6. Next, export the ADFS certificate in X.509 DER format to upload into KnowledgeOwl. To do this, go to "Service" -> "Certificates", right-click the certificate under "Token-signing", and click "View Certificate...".
  7. Go to the "Details" tab and click on "Copy to File..." which will bring up a "Certificate Export Wizard".  
  8. In the wizard, choose next until you get to the format page. On the format page make sure that "DER encoded binary X.509" is selected and choose next. Choose a filename and a location that you will remember for the cert and then finish the wizard.
  9. In KnowledgeOwl, upload the certificate file we just created by clicking on the "Choose File" button next to x509 Certificate.  
  10. Once you have selected the correct certificate, scroll to the bottom of the page and click the save button.
  11. Now that KnowledgeOwl has your information, you will see some new links under the SAML SSO Integration section of the page. Click on "KnowledgeOwl XML Metadata", which will bring up a popup containing the KnowledgeOwl XML metadata.
    If you aren't seeing any metadata, ensure that you've checked the box to "Enable SAML SSO" and saved. The metadata is only generated after this option is saved.
  12. Copy the text from the "Service Provider Metadata for Reader Mapping" and open a new Notepad window. Paste the metadata text into Notepad and choose "File" -> "Save as...". Change the "Save as type:" to "All Files" and make sure you name the file with a .xml extension.
  13. Repeat step 12 for the text from "Service Provider Metadata for Knowledge Base:" but make sure you name the 2 files in a way that you can tell them apart.
  14. In ADFS, click on "Add Relying Party Trust..." which will open up another wizard. Click on "Start".  
  15. On the next screen select "Import data about the relying party from a file" and browse to the XML reader map data that we saved in step 12 and choose next.
  16. Choose a name that makes sense such as "KnowledgeOwl Reader Mapping", add whatever notes you would like, and click next.
  17. For most setups, you can simply click next until you finish this wizard which should open up the "Edit Claim Rules" dialog.
  18. If the "Edit Claim Rules" dialog does not come up, you can navigate to it by going to "Trust Relationships" -> "Relying Party Trusts", selecting the newly created trust identifier, and clicking on "Edit Claim Rules...".
  19. In the edit claim rules dialog, click on "Add Rule...", choose the default "Send LDAP Attributes as Claims", and click next. Here you can choose what information you want to send to KnowledgeOwl. At the very least you need to send the E-Mail Address.
  20. Click on "Add Rule..." again but this time under "Claim rule template:" choose "Transform an Incoming Claim" and choose next.
  21. Update the claim to match the following picture and click finish.  
  22. After you apply those claim rules, head back to KnowledgeOwl and click on the "Map Reader Fields" link. If all went well, you should now see a list of dropdowns that you can use to map ADFS information to KnowledgeOwl readers. Make sure you map the "SSO ID" and the "Username / Email" fields; the rest of the fields are optional.
  23. Now that you have your ADFS fields mapped, repeat steps 14 - 21, making sure to use the "Service Provider Metadata for Knowledge Base" XML that you created in step 12, and you should be all set up and ready to use your SSO integration.
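
Before uploading the file in step 9, you can check on the ADFS server that the export from steps 6-8 really is DER encoded, has not expired, and matches a token-signing certificate, and derive the Login URL described in step 5. This script is an added example, not part of KnowledgeOwl's or Microsoft's documentation; the file path and the Federation Service identifier are placeholders to replace with your own values.

```powershell
# Added example. $CertPath and $EntityId are placeholders, not values from the tutorial.
param(
    [string]$CertPath = 'C:\Temp\adfs-token-signing.cer',
    [string]$EntityId = 'http://adfs.example.com/adfs/services/trust'
)

# Steps 7-8: the export must be binary DER, which begins with the ASN.1
# SEQUENCE byte 0x30. A Base-64 export begins with "-----BEGIN CERTIFICATE-----".
$bytes = [System.IO.File]::ReadAllBytes($CertPath)
if ($bytes.Length -eq 0) { throw "Empty file: $CertPath" }
$head = [System.Text.Encoding]::ASCII.GetString($bytes, 0, [Math]::Min(10, $bytes.Length))
if ($head -like '-----BEGIN*') {
    throw "Base-64 (PEM) export found; re-export as 'DER encoded binary X.509'."
}
if ($bytes[0] -ne 0x30) { throw "Not a DER-encoded certificate: $CertPath" }

# Parse the file and report what will be uploaded to KnowledgeOwl.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
Write-Output ("Subject:    " + $cert.Subject)
Write-Output ("Thumbprint: " + $cert.Thumbprint)
Write-Output ("Expires:    " + $cert.NotAfter)
if ($cert.NotAfter -lt (Get-Date)) { Write-Warning "Certificate has expired." }

# Step 6: confirm the file is one of the AD FS token-signing certificates.
# AD FS 2.0 ships the cmdlets as a snap-in; later versions auto-load a module.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
if (Get-Command Get-AdfsCertificate -ErrorAction SilentlyContinue) {
    $match = Get-AdfsCertificate -CertificateType Token-Signing |
        Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint }
    if ($match) {
        Write-Output ("Matches AD FS token-signing certificate (IsPrimary=" + $match.IsPrimary + ")")
    } else {
        Write-Warning "Thumbprint does not match any AD FS token-signing certificate."
    }
} else {
    Write-Warning "AD FS cmdlets not available; compare the thumbprint manually."
}

# Step 5: derive the usual Login/Logout URL from the Federation Service identifier.
$loginUrl = $EntityId -replace '/adfs/services/trust/?$', '/adfs/ls/'
if ($loginUrl -eq $EntityId) {
    Write-Warning "Identifier does not end in /adfs/services/trust; locate the URL manually."
} else {
    Write-Output ("Login/Logout URL: " + $loginUrl)
}
```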