To set up an application group that takes requests from the Metasys UI, complete the following steps:
Procedure
- On the server hosting ADFS, go to Control Panel > All Control Panel Items > Administrative Tools and select AD FS Management.
-
In AD FS management, right-click Application Groups and
select Add Application Group.
Figure 1. ADFS management
-
In the Name box, select a name for your new group; for
example, Johnson Controls Metasys. In the template box, under
Client-server applications, select Native application
accessing a web API and click Next.
Figure 2. Add application group
-
This generates a client identifier number. Copy and paste the Client Identifier
number into Notepad as you need this number when you configure ADFS with Metasys
at a later stage.
Figure 3. Client identifier
-
In the Redirect URI dropdown box, enter the URL ending in UI
from the Metasys UI window and select Add. You need to fill in this parameter for whitelisting that
happens on the ADFS side. When ADFS gets a request, ADFS makes sure that the
request comes from the URLs that are registered for Metasys UI only. Click
Next.
Figure 4. Redirect URI
Note: You can add multiple URLs if you need to.Note: You need to add the trailing / at the end of the URLhttps://metasys11server/UI/
for it to work. For example,https://metasys11server/UI
does not work. -
In the Configure Web API window, re-enter the Client Identifier number you
created earlier.
Figure 5. Configure Web API window
-
On the Choose Access Control Policy window, under Choose an access control
policy, select Permit everyone and click
Next.
Figure 6. Choose access control policy
-
Under Configure Application Permissions, click Next to
bring you to the Summary and click Next to bring you to
Complete. Click Close.
Figure 7. Configure application permissions