ADFS Provider

Create an ADFS provider in Identity Server

  • To create an ADFS provider, open the Identity Server.
  • Click on ‘Click here to administer Identity Server, you will be required to login’ on the homepage.

  • Click on ‘Providers’ from the left-hand menu or the centre tiles.

  • Here you can see the list of existing providers, each of which you can view, update or delete.
  • Click the ‘New’ button from the top right, and then on ‘Active Directory Federation Services’ to create a new provider.

  • Enter a name for your provider under ‘Name’; this is just a friendly name for your own reference.
  • Copy the custom rule provided in the ‘About’ section; you will require it when configuring your ADFS server.

You can also find this custom rule in the appendix under ADFS Custom Rule.

  • Enter the federation endpoint of your ADFS server under ‘Metadata Address’.

The federation endpoint will be the URL of your ADFS server combined with the relative address of /FederationMetadata/2007-06/FederationMetadata.xml.

  • Take note of the ‘Relying Party WS-Federation Passive Protocol URL’; you will require it when configuring your ADFS server.
  • Click the ‘Save’ button.
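As an added check before you save the provider (example script, not part of the Identity Server documentation or product), the following PowerShell builds the metadata address from an ADFS host name exactly as described above and fetches it, confirming that it is served over HTTPS, parses as a SAML EntityDescriptor and advertises at least one token-signing certificate. The host name adfs.example.com is a placeholder for your own ADFS server.

```powershell
# Added example; not part of the Identity Server documentation or product.
# Assumption: 'adfs.example.com' below is a placeholder for your own ADFS host.

function Get-FederationMetadataAddress {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$AdfsHost)

    # Build the exact address Identity Server expects. HTTPS is enforced because
    # the token-signing certificate Identity Server learns from this document is
    # what it later trusts; fetching it over plain HTTP would let anyone on the
    # path substitute their own certificate.
    $base = if ($AdfsHost -match '^[A-Za-z]+://') { $AdfsHost } else { "https://$AdfsHost" }
    if ($base -notmatch '^https://') { throw "Metadata address must use https, got: $base" }
    return ($base.TrimEnd('/') + '/FederationMetadata/2007-06/FederationMetadata.xml')
}

function Test-FederationMetadata {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$MetadataAddress)

    # Fetch the document the same way Identity Server will at startup; a TLS,
    # name-resolution or 404 error here means the provider would fail to load.
    $response = Invoke-WebRequest -Uri $MetadataAddress -UseBasicParsing -ErrorAction Stop
    [xml]$metadata = $response.Content

    $ns = New-Object System.Xml.XmlNamespaceManager($metadata.NameTable)
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

    $entity = $metadata.SelectSingleNode('/md:EntityDescriptor', $ns)
    if (-not $entity) { throw 'Response is not a SAML EntityDescriptor; check the address' }

    # Token-signing certificates are advertised under KeyDescriptor use="signing".
    $xpath = "//md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    $certNodes = $metadata.SelectNodes($xpath, $ns)
    if ($certNodes.Count -eq 0) { throw 'Metadata advertises no signing certificate; tokens could not be validated' }

    $signing = foreach ($node in $certNodes) {
        $raw  = [Convert]::FromBase64String(($node.InnerText -replace '\s', ''))
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$raw)
        if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
            Write-Warning "Signing certificate $($cert.Thumbprint) expires $($cert.NotAfter); plan a rollover"
        }
        [pscustomobject]@{ Thumbprint = $cert.Thumbprint; Subject = $cert.Subject; NotAfter = $cert.NotAfter }
    }

    [pscustomobject]@{
        MetadataAddress     = $MetadataAddress
        EntityId            = $entity.GetAttribute('entityID')
        SigningCertificates = @($signing | Sort-Object Thumbprint -Unique)
    }
}

# Usage: paste the printed MetadataAddress into the provider's 'Metadata Address' field.
$address = Get-FederationMetadataAddress -AdfsHost 'adfs.example.com'
Test-FederationMetadata -MetadataAddress $address | Format-List
```

Run it from any machine that can reach the ADFS server. If it throws, the same failure will occur when Identity Server loads the provider at startup, so fix the address or the certificate chain first; the expiry warning is a reminder to refresh the provider when ADFS rolls its token-signing certificate.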

  • You will now see your provider in the provider list.

Take note of the blue message that appears. Providers are loaded in when Identity Server starts up, so you must restart the application in IIS before your provider will be usable.

Create the relying party trust in ADFS

Open the AD FS Management tool.

Verify that the Source user ID claim is available by going to ADFS > Service > Claim Descriptions.

Check the list for a claim with the name ‘Source user ID’ as defined in the appendix of this document under ADFS Claim Descriptions.

If the Claim Description does not exist, then add it.

Add a new Relying Party Trust by going to AD FS > Trust Relationships, right-clicking on Relying Party Trusts and selecting ‘Add Relying Party Trust’.

Select ‘Start’ to begin.

Select ‘Enter data about this relying party manually’ and select ‘Next’.

Enter ‘Identity Server’ for the name (or a name of your choosing) and select ‘Next’.

Leave the default ‘AD FS profile’ selected and select ‘Next’.

Select ‘Next’.

Select ‘Enable support for WS-Federation Passive protocol’ and then enter the ‘Relying Party WS-Federation Passive Protocol URL’ value recorded during the creation of the Identity Server provider (you can return to Identity Server to retrieve the value).

Select ‘Next’.

Select ‘Next’ on each of the next four wizard pages.

Ensure that ‘Open the Edit Claim Rules dialog for this relying party trust when the wizard closes’ checkbox is selected.

Select ‘Close’.

Select ‘Add Rule…’.

Select ‘Send Claims Using a Custom Rule’.

Select ‘Next’.

Enter ‘Identity Server Rules’ (or a name of your choosing) for the ‘Claim rule name’.

Enter the custom rule defined in the appendix under ADFS Custom Rule.

Select ‘Finish’ and then select ‘OK’.
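The same claim description check and relying party trust can be created from PowerShell on the ADFS server instead of through the wizard. The script below is an added example, not part of the Identity Server documentation or product; it uses the ADFS module cmdlets and leaves three placeholders for values that come from this document's appendix and from the provider page in Identity Server: the passive protocol URL, the ‘Source user ID’ claim type URI and the custom rule text.

```powershell
# Added example; not part of the Identity Server documentation or product. It carries
# out the wizard steps above with the ADFS PowerShell module, run on the ADFS server.
# Placeholders to replace with your own values:
#   $PassiveUrl            the 'Relying Party WS-Federation Passive Protocol URL' recorded from Identity Server
#   $SourceUserIdClaimType the claim type URI listed in the appendix 'ADFS Claim Descriptions'
#   $CustomRule            the rule text from the appendix 'ADFS Custom Rule'
Import-Module ADFS

$PassiveUrl            = 'https://identityserver.example.com/PLACEHOLDER-passive-protocol-url'
$SourceUserIdClaimType = 'PLACEHOLDER-claim-type-uri-from-appendix'
$CustomRule            = @'
PLACEHOLDER: paste the custom rule from the appendix 'ADFS Custom Rule' here
'@

function Ensure-SourceUserIdClaimDescription {
    # Same check as ADFS > Service > Claim Descriptions: add the claim only if it is missing.
    $existing = Get-AdfsClaimDescription -Name 'Source user ID' -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Verbose "Claim description already present: $($existing.ClaimType)"
        return $existing
    }
    Add-AdfsClaimDescription -Name 'Source user ID' -ClaimType $SourceUserIdClaimType -IsOffered $true -IsAccepted $true
}

function New-IdentityServerRelyingPartyTrust {
    [CmdletBinding()]
    param([string]$Name = 'Identity Server')

    # The passive endpoint is where ADFS posts signed tokens for the user; refuse plain HTTP.
    if ($PassiveUrl -notmatch '^https://') { throw "Passive endpoint must use https, got: $PassiveUrl" }
    if (Get-AdfsRelyingPartyTrust -Name $Name) { throw "A relying party trust named '$Name' already exists" }

    # Step 19 names the rule 'Identity Server Rules'; in claim rule language that is an
    # @RuleName prefix. Drop this line if the appendix rule already carries its own @RuleName.
    $transformRules = "@RuleName = `"Identity Server Rules`"`r`n$CustomRule"

    # Wizard default on the issuance authorization page: permit all users to access this trust.
    $authorizationRules = '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

    # The wizard pre-populates the identifier with the passive URL; this assumes the same.
    Add-AdfsRelyingPartyTrust -Name $Name `
        -Identifier $PassiveUrl `
        -WSFedEndpoint $PassiveUrl `
        -IssuanceTransformRules $transformRules `
        -IssuanceAuthorizationRules $authorizationRules

    Get-AdfsRelyingPartyTrust -Name $Name
}

# Usage: run as an ADFS administrator, then confirm the trust appears under Relying Party Trusts.
Ensure-SourceUserIdClaimDescription | Out-Null
New-IdentityServerRelyingPartyTrust | Select-Object Name, Identifier, WSFedEndpoint, Enabled
```

The script refuses to create a duplicate trust or one with a non-HTTPS passive endpoint, which the wizard does not check for you. On ADFS 2016 and later, access control policies replace issuance authorization rules, so use `-AccessControlPolicyName 'Permit everyone'` in place of `-IssuanceAuthorizationRules` there. Identity Server still has to be restarted in IIS afterwards, as noted above, before the provider is usable.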