Setting up authentication with ADFS
The following guide will assist you in configuring your application to use Active Directory Federation Services (ADFS) for authentication.
Part 1: Configure a new relying party trust in ADFS
Open the ADFS console, expand 'Trust Relationships', right-click 'Relying Party Trusts' and select 'Add relying-party trust'
Click 'Next' and select 'Enter data about the relying party manually'
Specify 'Lithnet Access Manager' as the display name
Select 'AD FS profile'
Skip the encryption certificate step
Check the box to 'Enable support for the WS-Federation Passive protocol'. Specify the base URL where your Lithnet Access Manager is hosted (e.g. https://accessmanager.lithnet.local/)
Skip the page prompting you to add additional relying-party trust identifiers
Optionally, configure multifactor authentication for the trust, and follow the remaining pages through to completion
Edit the claim rules for the application. Add a new issuance transform rule to 'Send LDAP attributes as claims'
Set 'Issue UPN' as the claim rule name. Select 'Active Directory' as the attribute store, 'User-Principal-Name' as the LDAP Attribute and 'UPN' as the outgoing claim type
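The Part 1 steps can also be scripted with the AD FS PowerShell module and then checked. The following is an added example, not part of the original guide or of Lithnet's tooling. It assumes the guide's sample base URL, uses that URL as the trust identifier (it must match the Realm entered in Part 2), and assumes a permit-all issuance authorization rule.

```powershell
# Added example: run in an elevated session on the primary AD FS server.
Import-Module ADFS

$name    = 'Lithnet Access Manager'
$baseUrl = 'https://accessmanager.lithnet.local/'   # sample URL from the guide

# "Send LDAP attributes as claims": User-Principal-Name -> UPN, rule name 'Issue UPN'
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Issue UPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"),
          query = ";userPrincipalName;{0}", param = c.Value);
'@

# Assumption: permit all authenticated users. Tighten this rule if only some
# users should reach the application. On AD FS 2016 and later, an access
# control policy (-AccessControlPolicyName) is used instead of this parameter.
$authRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Create the trust only if it does not already exist
if (-not (Get-AdfsRelyingPartyTrust -Name $name)) {
    Add-AdfsRelyingPartyTrust -Name $name `
        -Identifier $baseUrl `
        -WSFedEndpoint $baseUrl `
        -IssuanceTransformRules $transformRules `
        -IssuanceAuthorizationRules $authRules
}

# Verify what AD FS actually stored
$rp = Get-AdfsRelyingPartyTrust -Name $name
$rp | Format-List Name, Enabled, Identifier, WSFedEndpoint, IssuanceTransformRules

if ($rp.Identifier -notcontains $baseUrl) {
    Write-Warning "Identifier does not match $baseUrl; the Realm in Part 2 will not match this trust."
}
if ($rp.WSFedEndpoint.Scheme -ne 'https') {
    Write-Warning 'WS-Federation endpoint is not HTTPS; tokens would be posted over an unencrypted channel.'
}
if ($rp.IssuanceTransformRules -notmatch 'claims/upn') {
    Write-Warning 'No UPN claim rule found; Access Manager will not receive the UPN claim.'
}
```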
Part 2: Configure Lithnet Access Manager
Open the Lithnet Access Manager Service Configuration Tool
Select the 'App configuration\User Authentication' page
Select 'WS-Federation' as the authentication provider type
In the 'metadata' field, provide the metadata URL for your ADFS server (usually something like https://adfs.lithnet.local/FederationMetadata/2007-06/FederationMetadata.xml)
Enter the base URL of your application in the 'Realm' field.