Set up ADFS as Identity Provider

  1. On the ADFS server, search for the AD FS Management application.

  2. In AD FS Management, select Relying Party Trusts & then click on Add Relying Party Trust.

  3. In the Relying Party Trust Wizard pop-up, make sure Claims Aware is selected, then click the Start button.

  4. Select one of the following options for adding a relying party trust.
    1. Using Metadata URL
      In Select Data Source, choose the "Import data about the relying party published online or on the local network" option & then add the URL in Federation metadata address.

      Skip steps 5 to 8 & continue configuring from step 9. To get the SP Metadata URL, navigate to the Service Provider Info tab in the plugin.

    2. Using Metadata XML file
      In Select Data Source, choose the "Import data about the relying party from a file" option & then browse to the metadata file.

      Skip steps 5 to 8 & continue configuring from step 9.

    3. Using Manual configuration
      In Select Data Source, choose "Enter data about the relying party manually" & click on Next.

  5. Enter Display Name & Click Next.

  6. Download the certificate from the plugin, upload that same certificate on ADFS & click Next.

  7. Select Enable support for the SAML 2.0 WebSSO protocol & enter the ACS URL from the plugin's Service Provider Info tab. Click Next.

  8. Add the Entity ID from the plugin's Service Provider Info tab as the Relying party trust identifier, click the Add button & then click Next.

  9. Select Permit everyone as an Access Control Policy & click on Next.

  10. Click the Next button from Ready to Add Trust & click Close.

  11. It will show you the list of Relying Party Trusts. Select the respective application & click on Edit Claim Issuance Policy.

  12. Click on the Add Rule button.

  13. Select Send LDAP Attributes as Claims & click on Next.

  14. Enter the following details & click on Finish:
    • Claim rule name: Attributes
    • Attribute Store: Active Directory
    • LDAP Attribute: E-Mail-Addresses
    • Outgoing Claim Type: Name ID

  15. Click Apply & Ok.

  16. Open the properties of the application & add the certificate downloaded from the add-on.
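
The same trust can be created from the metadata URL (option 4.1) and then read back from PowerShell on the ADFS server, so the values ADFS stored can be compared with the plugin's Service Provider Info tab. This is an added example, not code from the original page or the plugin vendor; the trust name and metadata URL are placeholders, and it assumes AD FS on Windows Server 2016 or later, where the -AccessControlPolicyName parameter is available.

```powershell
# Added example. Placeholder values (assumptions, not from the page):
$TrustName   = 'Example SP'                            # Display Name from step 5
$MetadataUrl = 'https://sp.example.com/saml/metadata'  # SP Metadata URL from the plugin

# Steps 13-14 as claim rule language: E-Mail-Addresses (LDAP "mail") -> Name ID.
$Rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";mail;{0}", param = c.Value);
'@

# Steps 4.1 and 9: import from the metadata URL with the "Permit everyone" policy.
if (-not (Get-AdfsRelyingPartyTrust -Name $TrustName)) {
    Add-AdfsRelyingPartyTrust -Name $TrustName -MetadataUrl $MetadataUrl `
        -IssuanceTransformRules $Rules -AccessControlPolicyName 'Permit everyone'
}

# Read the trust back and collect anything that does not look as configured.
$rp  = Get-AdfsRelyingPartyTrust -Name $TrustName
$acs = @($rp.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' })
$now = Get-Date

$problems = @()
if ($acs.Count -eq 0) { $problems += 'No SAML Assertion Consumer endpoint on the trust' }
foreach ($e in $acs) {
    if (([uri]$e.Location).Scheme -ne 'https') { $problems += "ACS URL is not HTTPS: $($e.Location)" }
}
if (-not $rp.RequestSigningCertificate) { $problems += 'No SP certificate on the trust (steps 6 and 16)' }
foreach ($c in $rp.RequestSigningCertificate) {
    if ($c.NotAfter -lt $now) { $problems += "SP certificate expired: $($c.Thumbprint)" }
}
if ($rp.IssuanceTransformRules -notmatch 'nameidentifier') { $problems += 'No rule issues a Name ID claim' }

# Summary to compare against the plugin's Service Provider Info tab.
[pscustomobject]@{
    Name         = $rp.Name
    Identifiers  = $rp.Identifier -join ', '
    AcsUrls      = $acs.Location -join ', '
    AccessPolicy = $rp.AccessControlPolicyName
    CertThumbs   = $rp.RequestSigningCertificate.Thumbprint -join ', '
    Problems     = $problems
} | Format-List
```

The Identifiers and AcsUrls values should match the Entity ID and ACS URL shown in the plugin, and CertThumbs should match the thumbprint of the certificate downloaded from it.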