...

Add the following field mapping configurations:

Field property path | Validate/Update | Data Field
given_name | Update | Recipient First Name
family_name | Update | Recipient Last Name
['urn:pvpgvat:oidc.bpk'] | Update | Disposable Certificate document type

Please note that with this configuration the disposable certificate identification number is updated from the provider's claim. If you want the identification number to be overridden as shown in the configuration, also make sure that a disposable certificate is added for the signer.

...

The OAuth provider might not be visible on the login page, depending on the setting "Share on login page" in Step 5.
Use the "Direct access url" instead.

OAuth 2.0 (ADFS 2016)

Step 1: Create an Application Group in AD FS 2016 and later
  1. In AD FS Management, choose Add Application Group under Application Groups.

  2. Enter a name and choose the template Server application accessing a web API (listed under the category Client-Server applications).

  3. Copy the Client Identifier and keep it somewhere safe. It is needed in Step 4.

  4. Add the Redirect URI by pasting the Redirect Url shown in the eSignAnyWhere OAuth settings (see Step 4) and clicking Add.

  5. Click Next, then enable the checkbox Generate a shared secret. Copy this secret right away: AD FS displays it only once and it cannot be retrieved later. Then click Next.

  6. Under Identifier, add the Client Identifier from step 3 and click Next. Using the Client Identifier as the Web API identifier makes the client the audience of the tokens issued for it.

  7. Choose an access control policy as required. The default is Permit everyone. Click Next.

  8. Keep the default selection of openid under permitted scopes and also select email, because the eSignAnyWhere configuration in Step 4 requests the scope "openid email". Others like allatclaims can be selected if needed. Click Next.

  9. Check the summary and close.

Step 2: Pass necessary values
  1. Choose the Application Group that was created earlier and click on Properties.
  2. Edit the Web API Application
  3. Choose the Issuance Transform Rules tab.
  4. Create a rule that issues the claims eSignAnyWhere needs, such as Email (mapped in Step 4), Display Name, and the given_name and family_name values used in the field mapping table above.
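Steps 1 and 2 can also be performed with the AD FS PowerShell module instead of the management console. The script below is an added example; it is not part of the eSignAnyWhere documentation or product. The group name and the redirect URI are placeholders (copy the real Redirect Url from the eSignAnyWhere OAuth settings in Step 4), and the assumption that Add-AdfsServerApplication -PassThru returns the generated secret in its ClientSecret property should be verified on your server. The issuance rule uses the standard LdapClaims template and emits the claim names eSignAnyWhere maps on this page (email, given_name, family_name).

```powershell
# Added example (not from the eSignAnyWhere documentation): Steps 1 and 2 scripted
# with the AD FS PowerShell module on a Windows Server 2016 or later AD FS server.
# Assumptions: the group name is arbitrary; the redirect URI is a placeholder that
# must be replaced with the Redirect Url shown in eSignAnyWhere (Step 4).
Import-Module ADFS

$groupName   = 'eSignAnyWhere OAuth'                                 # assumption: any name works
$redirectUri = 'https://esignanywhere.example/Auth/OAuthCallback'    # placeholder, copy from Step 4

# Step 1, item 3: AD FS does not mandate a Client Identifier format; a GUID is conventional.
$clientId = [guid]::NewGuid().ToString()

New-AdfsApplicationGroup -Name $groupName -Description 'OAuth 2.0 login for eSignAnyWhere'

# Client half of the "Server application accessing a web API" template (Step 1, items 4 and 5).
# Assumption: with -GenerateClientSecret and -PassThru the generated secret is returned in .ClientSecret.
$app = Add-AdfsServerApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - Server application" `
    -Identifier $clientId `
    -RedirectUri $redirectUri `
    -GenerateClientSecret -PassThru

# The shared secret is shown exactly once; put it into your secret store now.
Write-Host "Client Identifier: $clientId"
Write-Host "Client Secret    : $($app.ClientSecret)"

# Step 2: issuance transform rule that reads mail, givenName and sn from Active Directory
# and issues them under the claim names eSignAnyWhere maps (email in Step 4,
# given_name / family_name in the field mapping table above).
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Issue email, given_name and family_name from Active Directory"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("email", "given_name", "family_name"), query = ";mail,givenName,sn;{0}", param = c.Value);
'@

# Web API half (Step 1, items 6 and 7): Identifier equals the Client Identifier so the
# token audience matches; 'Permit everyone' is the default access control policy.
Add-AdfsWebApiApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - Web API" `
    -Identifier $clientId `
    -IssuanceTransformRules $rules `
    -AccessControlPolicyName 'Permit everyone'

# Step 1, item 8: permitted scopes. 'email' is required because Step 4 requests "openid email".
Grant-AdfsApplicationPermission -ClientRoleIdentifier $clientId `
    -ServerRoleIdentifier $clientId `
    -ScopeNames 'openid', 'email'

# The values to enter in eSignAnyWhere (Step 4), without trailing slashes.
$fqdn = (Get-AdfsProperties).HostName
Write-Host "Authorization URI: https://$fqdn/adfs/oauth2/authorize"
Write-Host "Token URI        : https://$fqdn/adfs/oauth2/token"
Write-Host "JWKS URI         : https://$fqdn/adfs/discovery/keys"
Write-Host "Issuer           : https://$fqdn/adfs"
```

Run the script in an elevated PowerShell session on the primary AD FS server. If your environment already has a policy other than Permit everyone, pass its name to -AccessControlPolicyName; the rest of the configuration does not change.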
Step 3: Web Application Proxy

If you are using Shared SaaS or Private SaaS, make sure that your ADFS endpoint is reachable from the internet: the eSignAnyWhere server itself calls the Token URI and the JWKS URI (only the Authorization URI is opened by the user's browser). The endpoint must also present a certificate issued by a publicly trusted CA, otherwise the server-side calls fail.

The Web Application Proxy role of Windows Server can be set up as per the instructions at https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn383662(v=ws.11)

Step 4: Configure eSignAnyWhere
  1. Login to eSignAnyWhere with a user that has administrative permissions on your Organization.
  2. Open the Settings > Identity Providers page and add new OAuth Settings for User Authentication.
  3. For ADFS, enter the URIs below exactly as shown, without a trailing slash. The Issuer in particular must match the iss claim of the tokens AD FS issues (https://FQDN/adfs) character for character; a trailing slash or any other deviation makes token validation fail and the login will not work.
Provider Name: If "Share on login page" is enabled, this name is displayed on the login page, so make sure it identifies your organization. e.g.: ADFS OAuth for <Organization name>
Direct access url: If "Share on login page" is disabled, this link is needed to log in to eSignAnyWhere with OAuth 2.0. Make sure you bookmark this link.
Redirect Url: Preset by eSignAnyWhere. This is the URL that has to be registered as Redirect URI in the Application Group (Step 1). Make sure it is the correct URL.
Client Id: your Client Identifier from Step 1
Client Secret: the shared secret that you saved in Step 1
Scope: openid email
Authorization URI: https://FQDN/adfs/oauth2/authorize
Token URI: https://FQDN/adfs/oauth2/token
Logout URI: can be blank
Share on login page: Depending on the server settings this property might not be visible to you. If enabled, your provider name is shown on the login page.
JWKS URI: https://FQDN/adfs/discovery/keys
Issuer: https://FQDN/adfs

Click on "Add field", enter "email" as the field property path and map it to "User Email Address".

  1. Click on Update to save the configuration
  2. Click on the slider to enable the OAuth provider
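Because a single stray character in these URIs breaks the login, it is worth comparing what you typed with what AD FS itself publishes at https://FQDN/adfs/.well-known/openid-configuration. The function below is an added example and is not part of eSignAnyWhere or AD FS: it takes the four configured values and a discovery document and reports each mismatch, calling out a trailing-slash difference separately because that is the mistake the note above warns about. The discovery document in the block is a constructed sample standing in for the Invoke-RestMethod output, and the FQDN adfs.example.com is a placeholder.

```powershell
# Added example, not part of the eSignAnyWhere documentation. Compares the Step 4 values
# with the OpenID Connect discovery document that AD FS publishes. The FQDN is a placeholder.
function Test-EsawOAuthSettings {
    param(
        [Parameter(Mandatory)][hashtable]$Configured,      # keys: Issuer, AuthorizationUri, TokenUri, JwksUri
        [Parameter(Mandatory)][pscustomobject]$Discovery   # parsed openid-configuration document
    )
    # eSignAnyWhere field -> key in the discovery document
    $map = [ordered]@{
        Issuer           = 'issuer'
        AuthorizationUri = 'authorization_endpoint'
        TokenUri         = 'token_endpoint'
        JwksUri          = 'jwks_uri'
    }
    $allOk = $true
    foreach ($field in $map.Keys) {
        $have = [string]$Configured[$field]
        $want = [string]$Discovery.($map[$field])
        if ($have -ceq $want) {
            Write-Host "OK    $field = $have"
        } elseif ($have.TrimEnd('/') -ceq $want.TrimEnd('/')) {
            # The Issuer must equal the iss claim byte for byte; a trailing slash is the classic mistake.
            Write-Host "FAIL  $field differs only by a trailing slash: configured '$have', AD FS publishes '$want'"
            $allOk = $false
        } else {
            Write-Host "FAIL  $field mismatch: configured '$have', AD FS publishes '$want'"
            $allOk = $false
        }
    }
    return $allOk
}

$fqdn = 'adfs.example.com'   # placeholder

# Live check: $discovery = Invoke-RestMethod -Uri "https://$fqdn/adfs/.well-known/openid-configuration"
# Constructed sample containing the four keys used here, with the values documented above:
$discovery = @"
{
  "issuer": "https://$fqdn/adfs",
  "authorization_endpoint": "https://$fqdn/adfs/oauth2/authorize",
  "token_endpoint": "https://$fqdn/adfs/oauth2/token",
  "jwks_uri": "https://$fqdn/adfs/discovery/keys"
}
"@ | ConvertFrom-Json

# What an administrator typed into eSignAnyWhere; the Issuer carries the trailing slash the note warns about.
$configured = @{
    Issuer           = "https://$fqdn/adfs/"
    AuthorizationUri = "https://$fqdn/adfs/oauth2/authorize"
    TokenUri         = "https://$fqdn/adfs/oauth2/token"
    JwksUri          = "https://$fqdn/adfs/discovery/keys"
}

$result = Test-EsawOAuthSettings -Configured $configured -Discovery $discovery
Write-Host "All settings match: $result"
```

Replace the constructed sample with the Invoke-RestMethod call to check a real server; the comparison is case-sensitive on purpose, since the issuer comparison performed during token validation is a plain string match.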
Step 5: Add OAuth provider to existing users
  1. Login to eSignAnyWhere with a user that has administrative permissions on your Organization.
  2. Open the Settings > Users page and edit the user you want to add the OAuth provider to
  3. Under OAuth assignments click on the + icon and choose your previously created OAuth provider
  4. The user will now get a validation email to finish the setup.
Step 6: Login to eSignAnyWhere using OAuth 2.0

The OAuth provider might not be visible on the login page, depending on the setting "Share on login page" in Step 4.
Use the "Direct access url" instead.

MyNamirial Account

Step 1: Request registration of a new Application in MyNamirial

...