Discussion

Moving LFDS (SAML Users-Azure) to new Server

posted on February 14

Hello,

We are trying to figure out the best way to move an LFDS installation from one server to another.

We tested this and the user received an "Application with Identifier ServerFQDN/lfds not found in the Directory" Microsoft error trying to authenticate to Azure.

I believe the issue is with the registration in the Azure Application appliance setting, pointing to the old server still.

Wanted to check with you all to see if anyone has actually done this process of moving LFDS that is using SAML Azure for login and if so, any steps you can provide would be greatly appreciated.

Appreciate the feedback,

Jeff Curtis

0 0
replied on February 15

Hi Jeff,

That error means that Azure does not know of the new LFDS server and is not going to accept authentication requests from it. You need to go into your enterprise app SAML settings and change the Identifier (Entity ID) value to reflect the new LFDS entity ID (you can find this in the LFDS-generated SP metadata file, but it is usually "https://<LfdsFqdn>/lfds").

0 0
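
An added example, not part of the thread and not Laserfiche or Microsoft code: a Python check that reads the entity ID from an SP metadata file and compares it with the Identifier values entered at the identity provider, which is the mismatch behind the error above. It goes slightly beyond the thread by also comparing the Assertion Consumer Service URLs with the registered reply URLs; the host names, the ACS path, the function names and the exact-string comparison are assumptions.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample SP metadata; host names and the ACS path are placeholders.
SAMPLE_SP_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://lfds-new.example.com/lfds">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://lfds-new.example.com/lfds/acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def parse_sp_metadata(xml_text):
    """Return (entityID, [ACS locations]) from SAML SP metadata."""
    # SAML metadata has no reason to carry a DTD; refuse it before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor" or not root.get("entityID"):
        raise ValueError("not a SAML EntityDescriptor with an entityID")
    acs = [e.get("Location") for e in root.iter(MD + "AssertionConsumerService")]
    return root.get("entityID"), acs


def _norm(uri):
    # Used only to spot near misses; the real comparison below is exact.
    return uri.rstrip("/").lower()


def check_idp_registration(xml_text, idp_identifiers, idp_reply_urls):
    """List mismatches between SP metadata and the values entered at the IdP."""
    entity_id, acs = parse_sp_metadata(xml_text)
    findings = []
    if entity_id not in idp_identifiers:
        near = [i for i in idp_identifiers if _norm(i) == _norm(entity_id)]
        hint = f" (near match {near[0]!r} differs only by case or trailing slash)" if near else ""
        findings.append(f"entity ID {entity_id!r} is not registered at the IdP{hint}")
    for url in acs:
        if url not in idp_reply_urls:
            findings.append(f"ACS URL {url!r} is not a registered reply URL")
    return findings
```

Run it against the metadata exported from the new server, with the Identifier and reply URL values copied from the enterprise app, before cutting users over; an empty list means the two sides agree.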
replied on February 15

Thanks Chase


I found this blurb in the LF Admin Guide and wanted to see if we should follow your process or will this recommendation below work?

"If you're moving Directory Server to a new computer or changing its host name, but you don't want to reconfigure your SAML identity providers, you can specify the old entity ID in this field. The old ID will effectively act as an alias for the new entity ID."

https://www.laserfiche.com/support/webhelp/Laserfiche/10/en-US/administration/#../Subsystems/LFDS/Content/Settings.htm#SAML

Thanks,
Jeff

0 0
replied on February 15

Yep, that way works too!

1 0
replied on February 15

Thanks Chase!!

Jeff

1 0
replied on February 17

Hey Chase,

If this section does not have any data in it, will following the instructions to add the old Entity ID work?

Thanks,

Jeff Curtis

0 0
replied on February 17

Hi Jeff, yes it should work. Those fields are optional and will be blank by default. You also don't need to enter a "Default Landing Page" if you don't need one.

1 0
replied on February 17

Thanks Chase!!

Jeff

0 0
replied on February 18

Hey Chase,

One last question. Could the customer create a new application entry in Azure and provide us with the SAML Metadata XML that we could use to update LFDS once we move the application to the new server or is it better to edit the Azure Application entry to point to the new LFDS Server?

Thanks,

Jeff Curtis

0 0
replied on February 22

Either one of those methods should work. In the former case, you'll just want to make sure that the new Azure app has all of the same claims and security settings as the old one.

1 0
replied on February 23

Thanks Chase!!

0 0