ADFS setup for single-sign-on

Active Directory Federation Services (ADFS) is a Microsoft component that runs on Windows Server and allows single-sign-on access to systems and applications. You can read more about ADFS in Microsoft's documentation.

In this guide we will describe how to set this component up.

This is a continuation of our single-sign-on guide.

ADFS configuration

1. Go to ADFS server and open ADFS Management.

2. Click on Add Relying Party Trust.
[Screenshot: Add Relying Party Trust 1]
3. Click Next.

4. Select the Enter data... option.
[Screenshot: Add Relying Party Trust 2]

5. Set the Display name.
[Screenshot: Add Relying Party Trust 3]

6. Select Enable SAML 2.0 protocol and insert the Single Sign On URL from step 2 of the GpsGate setup.

If the URL starts with “http”, change it to “https”: ADFS accepts HTTPS endpoints only.

Example: https://yourserver.com/saml/login.aspx?adfsid=ID

7. Insert the URL, which looks like https://yourserver.com/saml/login.aspx

8. Click on the Add button.

9. Select Permit everyone.
[Screenshot: Add Relying Party Trust 7]

10. In the newly opened Edit Claim Issuance Policy for... window, add a new rule.
[Screenshot: Add Relying Party Trust 8]

11. Select Send LDAP Attributes as Claims.

[Screenshot: Add Relying Party Trust 9]

12. Set the Claim rule name.

Select Active Directory as the Attribute store.
Select ‘SAM-Account-Name’ as the ‘LDAP Attribute’ and ‘Name ID’ as the ‘Outgoing Claim Type’.

[Screenshot: Add Relying Party Trust 10]

13. Now we can continue with step 2 of the single-sign-on guide.
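The same relying party trust can be created from PowerShell on the ADFS server instead of clicking through the wizard. This is an added example, not part of the original guide or of GpsGate's product; the display name and the two URLs are placeholders to be replaced with the values from steps 5, 6 and 7, and the example assumes the ADFS PowerShell module that ships with the ADFS role.

```powershell
# Added example (not from the original guide): create the relying party trust
# from steps 2-12 with the ADFS PowerShell module. Run in an elevated session
# on the ADFS server. All three values below are placeholders.
$displayName = 'GpsGate'                                          # step 5
$ssoUrl      = 'https://yourserver.com/saml/login.aspx?adfsid=ID' # step 6 (placeholder)
$identifier  = 'https://yourserver.com/saml/login.aspx'           # step 7 (placeholder)

# ADFS accepts HTTPS endpoints only (step 6); fail early rather than create a
# trust with an http:// URL that will never work.
foreach ($u in @($ssoUrl, $identifier)) {
    if (-not $u.StartsWith('https://', [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "ADFS requires HTTPS, got: $u"
    }
}

Import-Module ADFS

# Step 6: SAML 2.0 assertion consumer endpoint (POST binding, as the wizard uses).
$endpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $ssoUrl

# Step 9: "Permit everyone" issuance authorization rule.
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Steps 11-12: "Send LDAP Attributes as Claims" from the Active Directory store,
# mapping SAM-Account-Name to the outgoing Name ID claim.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "SAM-Account-Name to Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";sAMAccountName;{0}", param = c.Value);
'@

# Steps 2-8: create the trust with the endpoint, identifier and both rule sets.
Add-AdfsRelyingPartyTrust -Name $displayName -Identifier $identifier `
    -SamlEndpoint $endpoint `
    -IssuanceAuthorizationRules $authzRules `
    -IssuanceTransformRules $transformRules

# Check: the trust exists, is enabled, and carries the expected identifier and endpoint.
Get-AdfsRelyingPartyTrust -Name $displayName |
    Select-Object Name, Enabled, Identifier, @{ n = 'SsoEndpoint'; e = { $_.SamlEndpoints[0].Location } }
```

The final Get-AdfsRelyingPartyTrust output should show Enabled set to True and the SsoEndpoint equal to the HTTPS Single Sign On URL; if an existing trust with the same name is found, Add-AdfsRelyingPartyTrust fails instead of overwriting it.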