ADFS Identity Provider Setup¶
This document describes the steps to configure Microsoft ADFS as an Identity Provider to integrate with Cyderes. Cyderes will act as the SAML Service Provider or "SAML SP". Cyderes supports ADFS 2.0 or 3.0 and SAML 2.0.
Configuring SSO¶
Adding a Relying Trust¶
- In ADFS, go to ADFS > Trust Relationships > Right Click Relying Party Trusts > Select Add a Relying Party Trust
- Choose to import data from a file and choose the XML metadata file provided by Cyderes and click Next.
- Enter “Cyderes” as the name for the trust. Click Next.
- Choose “I do not want to configure multi-factor authentication settings…” and click Next.
- Accept the defaults for the screens until the Finish screen. On the Finish screen, uncheck “Open the Edit Claim Rules dialog…” and click Close.
Modifying a Relying Trust¶
- Right-click on the relying party trust and select Properties.
- Browse to the Advanced tab and set the Secure hash algorithm to SHA-256.
Create Claim Rules¶
- Right-click on the relying party trust and select Edit Claim Rules.
- Click the Issuance Transform Rules tab.
- Select Add Rule.
- Select Send LDAP Attributes as Claims and click Next.
-
Choose a name for the “Claim rule name” and choose Active Directory as the attribute store. Fill in the following information:
Claim Name Value E-Mail-Addresses E-Mail Address Surname Surname Given-Name Given Name -
Select OK and then Finish.
- Select Add Rule.
- Select Transform an Incoming Claim and click Next.
- Choose a name for the “Claim rule name”.
- Set the Incoming claim type to “E-Mail Address”, Outgoing claim type to “Name ID”, and Outgoing name ID format to “Email”.
- Select Pass through all claim values.
- Select Finish.
Gather Information¶
Export the ADFS Federation Metadata file and provide it to Cyderes. It can be generated by browsing to https://localhost/FederationMetadata/2007-06/FederationMetadata.xml
on the ADFS server.