Creating an ADFS application group for Metasys - Metasys - LIT-1201528 - General System Information - Metasys System - 12.0.50

Security Administrator System Technical Bulletin

Product
Building Automation Systems > Building Automation Systems > Metasys System
Document type
Technical Bulletin
Document number
LIT-1201528
Version
12.0.50
Revision date
2023-06-02

To set up an application group that takes requests from the Metasys UI, complete the following steps:

Procedure

  1. On the server hosting ADFS, go to Control Panel > All Control Panel Items > Administrative Tools and select AD FS Management.
  2. In AD FS management, right-click Application Groups and select Add Application Group.
    Figure 1. ADFS management

  3. In the Name box, select a name for your new group; for example, Johnson Controls Metasys. In the template box, under Client-server applications, select Native application accessing a web API and click Next.
    Figure 2. Add application group

  4. This generates a client identifier number. Copy and paste the Client Identifier number into Notepad as you need this number when you configure ADFS with Metasys at a later stage.
    Figure 3. Client identifier

  5. In the Redirect URI dropdown box, enter the URL ending in UI from the Metasys UI window and select Add. You need to fill in this parameter for whitelisting that happens on the ADFS side. When ADFS gets a request, ADFS makes sure that the request comes from the URLs that are registered for Metasys UI only. Click Next.
    Figure 4. Redirect URI

    Note: You can add multiple URLs if you need to.
    Note: You need to add the trailing / at the end of the URL https://metasys11server/UI/ for it to work. For example, https://metasys11server/UI does not work.
  6. In the Configure Web API window, re-enter the Client Identifier number you created earlier.
    Figure 5. Configure Web API window

  7. On the Choose Access Control Policy window, under Choose an access control policy, select Permit everyone and click Next.
    Figure 6. Choose access control policy

  8. Under Configure Application Permissions, click Next to bring you to the Summary and click Next to bring you to Complete. Click Close.
    Figure 7. Configure application permissions