AD FS configuration for VFC SAML Identity Provider
The following steps are for Windows Server 2019. The required steps may be different in other Windows Server versions.
Step 1 - Log in to the ADFS server, and open the AD FS Management console.
Step 2 - In the right panel, right-click on the Relying Party Trusts and select Add New Relying Party Trust.
Step 3 - On the first page, select Claims aware, then click Start.
Step 4 - On the next page, select “Enter data about the relying party manually”, then click Next.
Step 5 - Enter a Display Name for the relying party, then click Next. This can be anything.
Step 6 - On the Configure Certificate page, just click Next.
Step 7 - On the Configure URL page, tick the “Enable Support for SAML 2.0 WebSSO protocol” checkbox and provide the URL of the VFC server in the following format: https://server-fqdn/verba/saml/
Then click Next.
Step 8 - On the Configure Identifiers page, add the URL of the VFC server in the following format: https://server-fqdn/verba
Then click Next.
Step 9 - On the Choose Access Control page, just click Next.
Step 11 - On the next page click Next then Close.
Step 12 - In the Edit Claim Issuance Policy window, click Add Rule.
Step 13 - Select “Send LDAP Attributes as Claims” then click Next.
Step 14 - Provide a Claim rule name, then under the Attribute Store select Active Directory.
Step 15 - In the table, under the LDAP Attribute select SAM-Account-Name, and under the Outgoing Claim Type select Name ID. Click Finish.
Step 16 - Click Apply then OK.
Step 17 - In the right panel, expand the Service \ Certificates node.
Step 18 - Under the Token Signing certificates, select the primary one.
Step 19 - Go to the Details tab, then click Copy to File.
Step 20 - Select Base-64 encoded X.509.
Step 21 - Provide a file name, then save the certificate. The contents of the file will be required in the VFC configuration.
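
The same configuration can be scripted with the AD FS PowerShell module, which makes the trust settings reviewable and repeatable. This is an added example, not part of the original procedure: the display name, the output path, the claim rule name and the "Permit everyone" access control policy (the wizard default accepted at Step 9) are assumptions, and server-fqdn is the page's placeholder.

```powershell
# Scripted equivalent of the wizard steps; run in an elevated session on the AD FS server.
Import-Module ADFS

$VfcFqdn   = 'server-fqdn'                                 # page placeholder: replace with the VFC server FQDN
$TrustName = 'VFC'                                         # assumed display name (Step 5: can be anything)
$CertPath  = "$env:USERPROFILE\adfs-token-signing.cer"     # assumed output path

# Step 7: SAML 2.0 WebSSO endpoint (assertion consumer service, POST binding)
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' `
    -Uri "https://$VfcFqdn/verba/saml/"

# Steps 13-15: "Send LDAP Attributes as Claims" rule mapping SAM-Account-Name to Name ID
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "SAM-Account-Name as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";sAMAccountName;{0}", param = c.Value);
'@

# Steps 2-11: create the claims-aware relying party trust with its identifier (Step 8)
Add-AdfsRelyingPartyTrust -Name $TrustName `
    -Identifier "https://$VfcFqdn/verba" `
    -SamlEndpoint $endpoint `
    -IssuanceTransformRules $rules `
    -AccessControlPolicyName 'Permit everyone'             # assumption: wizard default at Step 9

# Steps 17-23: export the primary token-signing certificate as Base-64 encoded X.509
$primary = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary
$der = $primary.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$pem = "-----BEGIN CERTIFICATE-----`r`n" +
       [Convert]::ToBase64String($der, 'InsertLineBreaks') +
       "`r`n-----END CERTIFICATE-----"
Set-Content -Path $CertPath -Value $pem -Encoding Ascii

# Review what was created and which certificate was exported before copying it into VFC
$primary.Certificate | Select-Object Subject, Thumbprint, NotAfter
Get-AdfsRelyingPartyTrust -Name $TrustName |
    Select-Object Name, Identifier, Enabled, AccessControlPolicyName
```

Record the thumbprint and NotAfter date shown at the end so the certificate pasted into the VFC configuration can be matched against the AD FS primary token-signing certificate later.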