AD FS configuration for VFC SAML Identity Provider

The following steps are are for Windows Server 2019. The required steps may be different in other Windows Server versions.

Step 1 - Log in to the ADFS server, and open the AD FS Management console.

Step 2 - In the right panel, right-click on the Relying Party Trusts and select Add New Relying Party Trust.

Step 3 - On the first page, select Claims aware, then click Start.

Step 4 - On the next page, select “Enter data about the relying party manually”, then click Next.

Step 5 - Enter a Display Name for the relying party, then click Next. This can be anything.

Step 6 - On the Configure Certificate page, just click Next.

Step 7 - On the Configure URL page, tick the checkbox at the “Enable Support for SAML 2.0 WebSSO protocol“ and provide the URL of the VFC server in the following format: https://server-fqdn/verba/saml/

Then click Next.

Step 8 - On the Configure Identifiers page, add the URL of the VFC server in the following format: https://server-fqdn/verba

Then click Next.

Step 9 - On the Choose Access Control page, just click Next.

Step 11 - On the next page click Next then Close.

Step 12 - In the Edit Claim Issuance Policy window, click Add Rule.

Step 13 - Select “Send LDAP Attributes as Claims” then click Next.

Step 14 - Provide a Claim rule name, then under the Attribute Store select Active Directory.

Step 15 - In the table, under the LDAP Attribute select SAM-Account-Name, and under the Outgoing Claim Type select Name ID. Click Finish.

Step 16 - Click Apply then OK.

Step 17 - In the right panel, expand the Service \ Certificates node.

Step 18 - Under the Token Signing certificates, select the primary one.

Step 19 - Go to the Details tab, then click Copy to File.

Step 20 - Select Base-64 encoded X.509.

Step 21 - Provide a file name, then save the certificate. The contents of the file will be required in the VFC configuration.

image-20240228-155036.png

 

image-20240228-155110.png