Configuring ACS Proxy with PingFed for M365 and AD

You can set up an ACS Proxy that works with Forcepoint ONE SSE, PingFed, and Microsoft 365, using Active Directory 2019 as the directory store.

Following are the components used in this setup, along with their versions:

  • Directory/Data Store: Windows 2019 AD
  • Federation Service: PingFed 10.2
  • Microsoft365

Before starting, make sure you have Windows Active Directory installed as well as PingFed installed on a Windows Server. You can find documentation for installing PingFed on their Installation documentation page.

Note: Forcepoint ONE SSE UI supports UTF-8 characters. However, the SAML assertion only supports low-ASCII characters as attribute values. If an attribute value contains characters that are not low-ASCII, then SAML sign-in failures occur.
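Because the offending characters are often invisible in the UI (a trailing non-breaking space, a curly apostrophe pasted from a document, an accented letter that displays fine), it pays to check the directory before users hit SAML sign-in failures. The following is an added example, not code from the Forcepoint or Ping documentation. It assumes "low-ASCII" means printable 7-bit ASCII (0x20 through 0x7E), that the attributes listed in SAML_ATTRIBUTES are the ones your SP connection releases (adjust to match your attribute contract), and that the user records are supplied as dictionaries; the sample records are constructed inline so the script runs offline, but in practice you would feed it an export from Active Directory (for example the output of Get-ADUser on the PingFed server).

```python
"""
Pre-flight check for the SAML low-ASCII attribute restriction.

Added example, not part of the Forcepoint or Ping documentation. Scans user
records and reports every attribute value that contains a character outside
printable 7-bit ASCII (0x20-0x7E), since such values cause SAML sign-in
failures through the ACS Proxy. The record source (inline here) is an
assumption; replace SAMPLE_USERS with an export from Active Directory.
"""
import unicodedata

# Attributes commonly mapped into the SAML assertion for Microsoft 365.
# Assumption: adjust to the attributes your PingFed SP connection releases.
SAML_ATTRIBUTES = ("userPrincipalName", "mail", "givenName", "sn", "displayName")


def is_low_ascii(value: str) -> bool:
    """True when every character is printable 7-bit ASCII (space through tilde)."""
    return all(0x20 <= ord(ch) <= 0x7E for ch in value)


def offending_chars(value: str) -> list:
    """Return (index, char, Unicode name) for each non-low-ASCII character."""
    return [
        (i, ch, unicodedata.name(ch, f"U+{ord(ch):04X}"))
        for i, ch in enumerate(value)
        if not (0x20 <= ord(ch) <= 0x7E)
    ]


def find_saml_unsafe_values(records, attributes=SAML_ATTRIBUTES):
    """Scan records (dicts keyed by LDAP attribute name) and return a list of
    (sAMAccountName, attribute, value, offending chars) tuples."""
    findings = []
    for rec in records:
        for attr in attributes:
            value = rec.get(attr)
            if value is None:
                continue  # an absent attribute is simply not asserted
            bad = offending_chars(value)
            if bad:
                findings.append((rec.get("sAMAccountName", "?"), attr, value, bad))
    return findings


# Constructed sample records (not real directory data).
SAMPLE_USERS = [
    {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@corp.example",
     "mail": "jdoe@corp.example", "givenName": "Jane", "sn": "Doe",
     "displayName": "Jane Doe"},
    {"sAMAccountName": "jmuller", "userPrincipalName": "jmuller@corp.example",
     "mail": "jmuller@corp.example", "givenName": "J\u00fcrgen", "sn": "M\u00fcller",
     "displayName": "J\u00fcrgen M\u00fcller"},  # umlauts: valid UTF-8, not low ASCII
    {"sAMAccountName": "obrien", "userPrincipalName": "obrien@corp.example",
     "mail": "obrien@corp.example", "givenName": "Se\u00e1n", "sn": "O\u2019Brien",
     "displayName": "Se\u00e1n O\u2019Brien"},  # curly apostrophe pasted from a document
    {"sAMAccountName": "asmith", "userPrincipalName": "asmith@corp.example",
     "mail": "asmith@corp.example", "givenName": "Alex", "sn": "Smith",
     "displayName": "Alex Smith\u00a0"},  # trailing no-break space, invisible in the UI
    {"sAMAccountName": "svc-sync",
     "userPrincipalName": "svc-sync@corp.example"},  # no name attributes at all
]

if __name__ == "__main__":
    for user, attr, value, bad in find_saml_unsafe_values(SAMPLE_USERS):
        detail = ", ".join(f"{name} at index {i}" for i, _, name in bad)
        print(f"{user}: {attr}={value!r} -> {detail}")
```

Run it against a full export before enabling the SP connection, and again whenever HR feeds or sync jobs change name attributes. Fix the source data (or map a sanitised attribute in PingFed's attribute contract) rather than trying to transliterate at the proxy, so the value Microsoft 365 receives stays consistent with what is in the directory.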

Once installed, you can proceed to the setup. You will need to do the following three configuration steps in PingFed:

  • Creating a Data Store: to manage data stores for use with attribute lookups.
  • Configuring a PCV (Password Credential Validator): credential validators are plug-ins used to verify username and password pairs in various contexts throughout the system. The actual application of a validator instance must be configured in the appropriate context as needed (for example, OAuth Resource Owner Credentials Mapping).
  • Configuring an AD Realm: PingFederate uses a centralized configuration of Active Directory domains or Kerberos realms to verify authenticated users via adapters or token processors.