Setting up authentication with ADFS
Last updated
Last updated
The following guide will assist you in configuring your application to use Active Directory Federation Services (ADFS) for authentication.
Open the ADFS console, expand Trust Relationships
, right-click Relying Part Trusts
and select Add relying-party trust
Click Next
and select Enter data about the relying party manually
Specify Lithnet Access Manager
as the display name
Select AD FS profile
Skip the encryption certificate step
Check the box to Enable support for the WS-Federation Passive protocol
. Specify the base URL where your Lithnet Access Manager is hosted (e.g. https://accessmanager.lithnet.local/
)
Skip the page prompting you to add additional relying-party trust identifiers
Optionally, configure multifactor authentication for the trust, and follow the remaining pages through to completion
Edit the claim rules for the application. Add a new issuance transform rule to Send LDAP attributes as claims
Set 'Issue UPN' as the claim rule name. Select Active Directory
as the attribute store, User-Principal-Name
as the LDAP Attribute
and UPN
as the outgoing claim type
Open the Lithnet Access Manager Service Configuration Tool
Select the App configuration\User Authentication
page
Select WS-Federation
as the authentication provider type
In the metadata
field, provide the metadata URL for your ADFS server (usually something like https://adfs.lithnet.local/FederationMetadata/2007-06/FederationMetadata.xml
)
Enter the base URL of your application in the Realm
field.