In this article, I will detail how to configure Relying Party Trust in ADFS server. Please check out the Part 1 and Part 2 of this series which provides an overview of the solution and explains how to configure ADFS server.
[Integration] ADFS as the Identity Provider for Adxstudio – Part 1 – Overview
[Integration] ADFS as the Identity Provider for Adxstudio – Part 2 – Configure ADFS Server
Adding Relying Party Trust to ADFS
Login to ADFS Server
Using the AD FS Management tool, select Trust Relationships > Relying Party Trusts.
- Click Add Relying Party Trust…
- Welcome: Click Start
- Select Data Source: Select Enter data about the relying party manually, click Next
- Specify Display Name: Enter a name, click Next
- Example: https://portal.dyn365apps.internal/
- Choose Profile: Select AD FS 2.0 profile, click Next
- Configure Certificate: Click Next
- Configure URL: Check Enable support for the WS-Federation Passive protocol
- Relying party WS-Federation Passive protocol URL: Enter https://portal.dyn365apps.internal/signin-federation
- Note: AD FS requires that the portal run on HTTPS
- The resulting endpoint has the following settings:
- Endpoint type: WS-Federation
- Binding: POST
- Index: n/a (0)
- URL: https://portal.dyn365apps.internal/signin-federation
- Configure Identities: Specify https://portal.dyn365apps.internal, click Add, click Next
- If applicable, more identities can be added for each additional relying party portal. Users will be able to authenticate across any/all of the available identities.
NOTE: Make sure there’s no / after the URL. The / after the URL caused an error and was fixed later as below.
- Choose Issuance Authorization Rules: Select Permit all users to access this relying party, click Next
- Ready to Add Trust: Click Next
- Click Close
Add the Name ID claim to the relying party trust:
- Transform Windows account name to Name ID claim (Transform an Incoming Claim):
- Incoming claim type: Windows account name
- Outgoing claim type: Name ID
- Outgoing name ID format: Unspecified
- Pass through all claim values
You should see an entry in Relying Party Trusts folder. For example: https://portal.dyn365apps.internal/
Please check out next article in the series to learn how to configure Web Application Proxy.
[Integration] ADFS as the Identity Provider for Adxstudio – Part 4 – Configure Web Application Proxy
[Integration] ADFS as the Identity Provider for Adxstudio – Part 5 – Publish an Application in Web Application Proxy
[Integration] ADFS as the Identity Provider for Adxstudio – Part 6 – Configure Adxstudio
Thank you for visiting Dyn365Apps.com.
Follow me on Twitter to get the latest news, tips and tricks and more …
Until next time…