ADFS as IDP

Step 1: Setup ADFS as Identity Provider

  • On ADFS, search for the ADFS Management application.
  • After opening the AD FS Management, select Relying Party Trust & then click on Add Relying Party Trust.
  • In the Relying Party Trust Wizard pop-up, make sure Claims Aware is selected, then click the Start button.
  • Select the options for adding a relying party trust.
    • Using Metadata URL

      • In Select Data Source, choose the Import data about the relying party published online or on the local network option & then add the URL in Federation metadata address.
      • Skip step-5 to step-8 & start configuring from step-9. Navigate to the Service Provider Info tab of the plugin to get the SP Metadata URL.

    • Using Metadata XML file

      • In Select Data Source, choose the Import data about the relying party from a file option & then browse to the metadata file.
      • Skip step-5 to step-8 & start configuring from step-9.

    • Using Manual configuration

      • In Select Data Source, choose Enter data about the relying party manually & click on Next.
  • Enter Display Name & Click Next.
  • Upload the certificate & click Next. Download the certificate from the plugin & upload that same certificate on ADFS.
  • Select Enable support for the SAML 2.0 WebSSO protocol & enter the ACS URL from the plugin's Service Provider Info tab. Click Next.
  • Add the Entity ID from the plugin's Service Provider Info tab as the Relying party trust identifier, then click the Add button & then click Next.
  • Click on Download Signing Certificate to download the Signing certificate.
  • Select Permit everyone as an Access Control Policy & click on Next.
  • Click the Next button from Ready to Add Trust & click Close.
  • It will show you the list of Relying Party Trusts. Select the respective application & click on Edit Claim Issuance Policy.
  • Click on Add Rule button.
  • Select Send LDAP Attributes as Claims & click on Next.
  • Enter the following details & click on Finish.
    Claim rule name: Attributes
    Attribute Store: Active Directory
    LDAP Attribute: E-Mail-Addresses
    Outgoing Claim Type: Name ID
  • Click Apply, then OK.
  • Open the Properties of the application & add the certificate downloaded from the add-on.
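
The same relying party trust can be created and then checked from PowerShell on the AD FS server. The script below is an added example, not part of the original guide or the plugin: it follows the Metadata URL route, applies the Permit everyone policy and the Attributes claim rule from the steps above, and reads the trust back so its values can be compared with the plugin's Service Provider Info tab. The display name and metadata URL are placeholders, and AD FS on Windows Server 2016 or later is assumed.

```powershell
# Added example; run in an elevated PowerShell session on the AD FS server.
# Placeholders (assumptions, not values from the guide):
$Name        = 'Example SP'                            # display name of the trust
$MetadataUrl = 'https://sp.example.com/saml/metadata'  # SP Metadata URL from the plugin

# Claim rule equivalent to "Send LDAP Attributes as Claims":
# LDAP attribute E-Mail-Addresses (mail) -> outgoing claim type Name ID.
$Rules = @'
@RuleName = "Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";mail;{0}", param = c.Value);
'@

# Refuse a non-HTTPS metadata address before importing anything from it.
if (([uri]$MetadataUrl).Scheme -ne 'https') {
    throw "Metadata URL must use https: $MetadataUrl"
}

Add-AdfsRelyingPartyTrust -Name $Name -MetadataUrl $MetadataUrl `
    -AccessControlPolicyName 'Permit everyone' -IssuanceTransformRules $Rules

# Read the trust back and compare it with the values shown in the plugin.
$rp  = Get-AdfsRelyingPartyTrust -Name $Name
$acs = @($rp.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' })

[pscustomobject]@{
    Identifier          = $rp.Identifier -join ', '
    AccessControlPolicy = $rp.AccessControlPolicyName
    AcsEndpoints        = ($acs | ForEach-Object { "$($_.Location)" }) -join ', '
    RequestSigningCert  = $rp.RequestSigningCertificate.Thumbprint -join ', '
    HasNameIdRule       = $rp.IssuanceTransformRules -match 'nameidentifier'
} | Format-List

# Flag any assertion consumer endpoint that is not served over HTTPS.
$acs | Where-Object { "$($_.Location)" -notlike 'https://*' } |
    ForEach-Object { Write-Warning "Non-HTTPS ACS endpoint: $($_.Location)" }
```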