ADFS - Introduction & How it Works
Posted by Edd Clementson, Last modified by Tom Keegan on 15 April 2019 11:01 AM
Active Directory Federated Services -- It is an authentication method for users that is used with web applications that talks with active directory on a server.
ADFS is installed on your active directory server (essentially is an add-on to AD). As a school you may also need to turn on a role/several roles to get this working but turning this on could impact other areas of your server. There are also varying scenarios for different school networks in regards to the settings you use.
What does ADFS allow with Frog?
A user (staff or student) will login to their local machines at school with their personal accounts. When they visit Frog through their chosen internet browser they will enter their username only and should then be automatically logged into the platform.
Key Concepts of ADFS
The security token contains lots of information about the user. In Frog's case we only check the username.
If an error is produced when attempting to login, make a note of any error codes as the Frog Support Desk may be able to investigate further.
ADFS – How does it work?
User could visit the standard login page or visit www.URL.com/app/ADFS because if they are on the local school network they will have an ADFS token so will be logged in. The method below explains auto logging people in with users entering their username.
Providing the user also exists within Frog, the Frog server returns a cookie to your browser and the user should then be logged in. A cookie is a text file stored on your computer containing basic information to ensure you remain logged in during this session on the local computer.
Problems – What to Check?
The common things to check when you experience issues with ADFS not working or get an unhandled exception error:
(Frog 3 - Can be checked in the Toolkit, FrogLearn this must be checked by the Frog Systems Team)
There may be an issue with ADFS working if the times are different on the 2 servers. The Frog server should be set to UK time but you may use a local NTP server to obtain the time which could differ from UK time. Within Frog 3, schools have change the NTP server (IP address) field in order to sync the server time. Within FrogLearn our systems team must currently make this change.
N.B, If all above have been checked, please call the Frog Support Desk and provide the error reference number and we will assist you further where we can.