EWA and IIS in DMZ Topology / Structure / Architecture

Does Epicor 10 support ADFS? I too am trying to setup IIS and EWA in our DMZ. Can we point the application server for an EWA installation, within the DMZ, to our existing, internal live / production, application and database servers? Can we allow windows authentication from EWA / IIS, within the DMZ, to our existing, internal Active Directory / Domain Controllers?

ADFS is just Windows Authentication from the POV of Erp 10 so yes. We assume you do all the magic in the background between your ADs to make the trust relationships.

1 Like

Well, I am looking for some help with doing / understanding all the “magic”…

I found this post on the web of someone also looking to understand the “magic”: https://social.technet.microsoft.com/Forums/windowsserver/en-US/92a34798-65ee-4e5e-a185-036c6da9da3b/allowing-iis-web-application-in-dmz-to-authenticate-ad-users?forum=winserverDS

A user at the bottom responded:
The app needs to be configured for SAML not the IIS itself. Check this: Building a test claims-aware ASP.NET application and integrating it with ADFS 2.0 Security Token Service (STS) | Microsoft Learn

ADFS can be configured in a way that if the users are accessing the app from the inside they would have an SSO experience and wouldn’t be asked for creds twice. Check this: https://blogs.technet.microsoft.com/askpfeplat/2014/11/02/adfs-deep-dive-comparing-ws-fed-saml-and-oauth/

Does Epicor support SAML 2.0?

As of this time, no announcement on any other User Authentication mechanisms. Epicor User/password and MS Windows Auth.

There are tools out in the wild to convert SAML to Windows Auth but none I have seen tried with Epicor ERP.

What’s the high level need? An integration or?

I’m starting to understand this a little more… We are hoping we can use Azure to authenticate from the DMZ.

Now that I see how to deploy EWA as an extension I am hoping we can use an install path of the external DMZ’s DNS name or IP address and file location for the install path field. Does the Install Path for EWA support that or would it have to be local to the application server?

OK, now that we are in ‘Pilot’ in Cloud - any SaaS customers can review the change log for 10.2.200 so I am sort of out from under our embargo on many things… we haven’t shipped YET so last minute stuff does happen so take commentary with a grain of salt, etc, etc

We are adding Azure AD support to the core app, the rich client, REST, EWA and a few more apps. Anyone who has ever played in Azure AD - it’s your SSO approach for cloud just as Windows Active Directory is the SSO approach to on premise.

More details to follow but for what you describe you can count on 10.2.200 support.

More apps will be made available during the 200 timeline - not everything has the same release cycle as 200 so some ‘Extension’ products will be released a little later. I honestly do not know which and when as the Azure AD effort was the last ERP 10 effort I was on before I moved into a new role.

When all the details come out I’ll do a post here on my take of the feature that will probably be relevant to the folks up here and my historical interactions. @josecgomez don’t get too excited it’s not OAuth - but it is Azure AD and cloud SSO.

1 Like

I saw a quick example of this in action. We are Azure AD and working with the Cloud Team. It’s just like Bart said, first the Rich Client, REST, EWA, Active Desktop, but others later. It seems fairly straightforward. The Cloud Users are seeing .200 in their Pilot databases now with a launch in April.

Mark W.

1 Like

Were you a part of the group demoed to last week? I heard it went well. I could not attend but would have liked being a fly on the wall to observe commentary.

I am looking forward to playing with a few new toys in the area I am pitching.

Yes. Cloud Services has a copy of our database that’s been anonymized. Once it’s at .200, we’ll test with our Azure AD this week. Looks very promising.

Mark W,

It was great to work with the Azure guys again. We were a part of the original testing of ‘Red Dog’ - code name for Azure. Their perf at the time was pretty bad but they have made a lot of improvements. It’s good to have competition in the Cloud space - it makes everyone better and gives better pricing to all.