ADFS setup for single-sign-on

This is a continuation of our single-sign-on guide.

ADFS configuration

1. Go to the ADFS server and open ADFS Management.

2. Click on Add Relying Party Trust.
3. Click Next.

4. Select the Enter data... option.

5. Set the Display name.

6. Select Enable SAML 2.0 protocol and insert the Single Sign On URL from step 2 in GpsGate Setup.

Change “http” to “https”, because ADFS supports only HTTPS.

Example: something like https://yourserver.com/saml/login.aspx?adfsid=ID


7. Insert the URL that looks like https://yourserver.com/saml/login.aspx


8. Click on the Add button.

9. Select Permit everyone.

10. In the newly opened window, Edit Claim Issuance Policy for..., add a new rule.

11. Select Send LDAP Attributes as Claims.


12. Set the Claim rule name.

Select Active Directory for Attribute Store.
Select ‘SAM-Account-Name’ for ‘LDAP Attribute’ and ‘Name ID’ for ‘Outgoing Claim Type’.


13. Now we can continue from Single Sign On setup > step 6, entering the credentials generated at this point.
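
Steps 2 to 12 can also be scripted with the AD FS PowerShell module, which makes the trust repeatable and lets you read back what was actually configured. This is an added example, not part of the original guide or of GpsGate's tooling. It assumes AD FS 2016 or later (for `-AccessControlPolicyName`), that the URL from step 7 is the relying party trust identifier, and it uses a constructed display name and rule name together with the guide's placeholder URLs.

```powershell
# Added example. Run in an elevated PowerShell session on the AD FS server.
Import-Module ADFS

# Placeholders: replace with the values shown in GpsGate Setup.
$displayName = 'GpsGate SSO'                                         # step 5 (constructed name)
$ssoUrl      = 'https://yourserver.com/saml/login.aspx?adfsid=ID'    # step 6
$identifier  = 'https://yourserver.com/saml/login.aspx'              # step 7 (assumed to be the identifier)

# Step 6: ADFS supports only HTTPS, so refuse an http:// URL before creating anything.
if (([Uri]$ssoUrl).Scheme -ne 'https') {
    throw "Single Sign On URL must use https: $ssoUrl"
}

# Steps 10-12: "Send LDAP Attributes as Claims" rule that maps
# SAM-Account-Name from Active Directory to the outgoing Name ID claim.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "SAM-Account-Name as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";sAMAccountName;{0}", param = c.Value);
'@

# Step 6: SAML 2.0 assertion consumer endpoint (POST binding).
$endpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $ssoUrl

# Steps 2-9: create the relying party trust with the "Permit everyone" policy.
Add-AdfsRelyingPartyTrust -Name $displayName `
    -Identifier $identifier `
    -SamlEndpoint $endpoint `
    -IssuanceTransformRules $rules `
    -AccessControlPolicyName 'Permit everyone'

# Read the trust back and confirm what was stored: identifier, access policy,
# HTTPS endpoint, and the Name ID rule.
$rp = Get-AdfsRelyingPartyTrust -Name $displayName
$rp | Select-Object Name, Identifier, Enabled, AccessControlPolicyName
$rp.SamlEndpoints | Select-Object Protocol, Binding, Location
$rp.IssuanceTransformRules
```

The read-back at the end is also useful on a trust created through the wizard: run only the last four lines with the display name you chose in step 5.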