Prerequisite

  • You should know about Mividas products, ADFS, DNS, and certificates.
  • AD FS Service installed and configured for the organization.
  • All certificates, including the CA root and intermediate certificates, should be installed in the Mividas product.
  • Hostname/Fully Qualified Domain Name of ADFS Server and Mividas product.
  • Time synchronization (NTP) is configured and in sync.
  • Active Directory Security or Distribution groups set up for the following roles:
    • Standard User
    • Administrator
    • Superuser

Configuration step by step

  1. Configure Mividas Core/Portal
  2. Configure Microsoft ADFS
    • Configure Relying Party Trust in Microsoft ADFS
    • Configure Claims in Microsoft ADFS

Configure Mividas Core/Portal

Note: See the URLs above for adding certificate and details for the different SAML SSO settings in the Mividas Product.

Configuring Microsoft ADFS

Start the AD FS Manager. Click on the Windows flag on the server hosting the ADFS Service and select Windows Administrative Tools -> AD FS Management.

Configure Relying Party Trust

Step 1: Add Relying Party Trust

When AD FS Management is started, right-click Relying Party Trust, select Add Relying Party Trust, and then click Start.

Step 2:

In the Federation metadata address field, enter the URL https://<Mividas FQDN>/saml/metadata to fetch the Federation Metadata from the Mividas product automatically, then click Next.

Step 3:

Enter a Display name that describes this setup, then click Next>.

Step 4:

Choose an appropriate access control policy for your implementation, and click on Next.

Step 5:

Review the data in the different tabs and click on Next.

Step 6:

Check the “Configure claims issuance policy for this application” and click Close on the next page.

Configure Claims

If you checked the “Configure claims issuance policy for this application”, you will see the Edit Claims configuration Window. If you did not, or have closed the Edit Claims Window, you can access it again by right-clicking the Relying Party Trust you configured and selecting the “Edit Claim Issuance Policy…” menu.

Step 1: Click on the “Add Rule…” button.

Step 2: In the “Claim rule template” dropdown menu, select “Send LDAP Attributes as Claims” and click Next.

Step 3: Enter Claims

Select Active Directory as the Attribute store. In the “Mapping of LDAP attributes to outgoing claim types” field, select the LDAP Attribute in the left column and type the Outgoing claim in the right column (as in the screenshots below), then click Finish.
Make sure the Outgoing claims for username, groups and customers ** are configured exactly as in the SAML/SSO configuration for the Mividas product.

** Customer SAML claim is only used in Multi-tenant solutions!

Step 4: Finish by clicking Apply and Ok in the next dialog.

Test the configuration

Go back to the Mividas Product, check the configuration and try to log in.

Troubleshooting

First go back to the “SAML SSO settings” in the Mividas product and check “Enable debug-mode” to get more information in the logs.

Mividas logs

Step 1: Navigate to the Mividas Installer https://<fqdn-or-ip>:8999

Step 2: Click on Details for the product.

Step 3: Click on Log viewer.

Step 4: Check the service that ends with _web and click Display logs to view the logs.

Timing issue between Mividas Meeting Portal and ADFS

If you see the following in the logs, there is a timing issue between Mividas Meeting Portal and ADFS.

| XML parse error: Can't use response yet: (now=2022-05-02T13:56:38Z + slack=0) <= notbefore=2022-05-02T13:56:39.221Z

Solution

The change has to be made with the ADFS PowerShell cmdlets. There is no setting for “NotBeforeSkew” when configuring a Relying Party Trust in the GUI.

Load the ADFS PowerShell snap-in:

    Add-PSSnapin Microsoft.Adfs.PowerShell

View the current values:

    Get-ADFSRelyingPartyTrust -Identifier "urn:party:sso"

Set the skew to 1 minute, where "urn:party:sso" is one of the Identifiers for your Relying Party and you want the NotBefore value set back 1 minute before the ticket is created:

    Set-ADFSRelyingPartyTrust -TargetIdentifier "urn:party:sso" -NotBeforeSkew 1

Diffie-Hellman Key too short

If you see the following in the log, the IdP is probably using a Diffie-Hellman key length of 1024 bits.

"139651732964544:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2158:"

Solution

Follow the instructions in the Security Advisory from Microsoft: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644?redirectedfrom=MSDN to increase the Diffie-Hellman key length.

If you can’t change the Diffie-Hellman key length supported by the ADFS server at this time, follow the steps below:

  • Remove the config in the field “URL to autoconfig metadata XML-file” from Mividas Portal (Step 4 above).
  • Use the same URL in your web browser to retrieve the metadata as a text file.
  • Copy the content of the text file into the “Offline IdP metadata XML” field instead.
  • Save
  • Deploy Mividas Product
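
The two log signatures covered in this Troubleshooting section (the NotBefore timing error and the short Diffie-Hellman key) can be picked out of an exported _web log with a small script. This is an added example, not Mividas code: the function names are hypothetical and the sample lines are constructed from the messages quoted above.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the two log messages quoted on this page.
SAMPLE_LOG = """\
| XML parse error: Can't use response yet: (now=2022-05-02T13:56:38Z + slack=0) <= notbefore=2022-05-02T13:56:39.221Z
139651732964544:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2158:
INFO request handled without SAML errors
"""

NOT_YET = re.compile(
    r"Can't use response yet: \(now=(\S+) \+ slack=(\d+)\) <= notbefore=(\S+)"
)


def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp, with or without fractional seconds."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def triage(line):
    """Classify one log line as 'clock_skew', 'weak_dh' or None."""
    match = NOT_YET.search(line)
    if match:
        now = parse_ts(match.group(1))
        slack = int(match.group(2))
        not_before = parse_ts(match.group(3))
        # How far NotBefore lies ahead of the service provider's clock.
        gap = (not_before - now).total_seconds() - slack
        # NotBeforeSkew is set in whole minutes. The logged comparison is
        # "<=", so round up past an exact multiple of 60 seconds as well.
        minutes = max(1, int(gap // 60) + 1)
        return ("clock_skew", {"gap_seconds": gap, "min_skew_minutes": minutes})
    if "dh key too small" in line:
        return ("weak_dh", {"action": "raise IdP DH key length or use offline metadata"})
    return None


def triage_log(text):
    """Return findings for every line that matches one of the two cases."""
    return [hit for hit in map(triage, text.splitlines()) if hit]


if __name__ == "__main__":
    for issue, detail in triage_log(SAMPLE_LOG):
        print(issue, detail)
```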
    © Mividas Video Solutions AB 2025