ADFS HP RM Client authentication

Overview

In HP Records Manager 8.2 we added ADFS authentication as an option in the native Windows client. In this video I run through configuring this in our lab environment.

Things to copy and paste

Here are the various PowerShell commands I used on my ADFS server.

Create the ADFS client for HPRM.

Add-AdfsClient -Name "HPRM ADFS Client" -ClientId "ab762716-544d-4aeb-a526-687b73838a33" -RedirectUri "urn:ietf:wg:oauth:2.0:oob" -Description "OAuth 2.0 client for HPRM"

Set the token lifetime to force HP RM to check back with ADFS at defined intervals.

Set-AdfsRelyingPartyTrust -TargetName "My Relying Party Trust" -TokenLifetime 10

Tell ADFS to issue refresh tokens to all devices; you may also choose to specify WorkplaceJoinedDevices instead.

Set-AdfsRelyingPartyTrust -TargetName "My Relying Party Trust" -IssueOAuthRefreshTokensTo AllDevices

In the video I set the refresh token life in the UI, but it can also be done with this PowerShell command. The maximum value ADFS will allow is 9999 minutes.

Set-AdfsProperties -SSOLifetime 480
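After running the commands above it is worth reading the configuration back and confirming it matches what you intended. The script below is an added example, not part of the original post; it assumes the client name, relying party trust name, redirect URI and lifetimes used in the commands above, and the standard ADFS Get-* cmdlets on the ADFS server.

```powershell
# Added verification script (not from the original post). Assumes the names
# and values used in the commands above; change them to match your lab.
$clientName       = "HPRM ADFS Client"
$rpName           = "My Relying Party Trust"
$expectedRedirect = "urn:ietf:wg:oauth:2.0:oob"
$expectedTokenLifetime = 10     # minutes, as set with -TokenLifetime
$expectedSsoLifetime   = 480    # minutes, as set with -SSOLifetime
$maxSsoLifetime        = 9999   # the ceiling ADFS enforces, per the post

$problems = @()

# 1. The OAuth client registered for HPRM must exist and use the oob redirect.
$client = Get-AdfsClient -Name $clientName
if (-not $client) {
    $problems += "ADFS client '$clientName' not found"
} elseif ($client.RedirectUri -notcontains $expectedRedirect) {
    $problems += "Client '$clientName' redirect URIs are '$($client.RedirectUri -join ', ')', expected '$expectedRedirect'"
}

# 2. The relying party trust should re-check with ADFS at the chosen interval
#    and issue refresh tokens to the device class you selected.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) {
    $problems += "Relying party trust '$rpName' not found"
} else {
    if ($rp.TokenLifetime -ne $expectedTokenLifetime) {
        $problems += "'$rpName' TokenLifetime is $($rp.TokenLifetime), expected $expectedTokenLifetime"
    }
    if ("$($rp.IssueOAuthRefreshTokensTo)" -eq "NoDevice") {
        $problems += "'$rpName' does not issue OAuth refresh tokens; HPRM users will be prompted every $($rp.TokenLifetime) minutes"
    }
}

# 3. The farm-wide SSO lifetime bounds how long a refresh token stays usable.
$props = Get-AdfsProperties
if ($props.SSOLifetime -ne $expectedSsoLifetime) {
    $problems += "SSOLifetime is $($props.SSOLifetime), expected $expectedSsoLifetime"
}
if ($props.SSOLifetime -gt $maxSsoLifetime) {
    $problems += "SSOLifetime $($props.SSOLifetime) exceeds the $maxSsoLifetime minute maximum"
}

if ($problems.Count -eq 0) {
    Write-Output "ADFS configuration for HPRM matches the expected values."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```

Run it in an elevated PowerShell session on the ADFS server after applying the commands above; any warning points at the setting that still differs from what the video configures.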