ADFS 2.0 Relying Party Trust Configuration

From Joomla! Documentation

Revision as of 20:48, 26 May 2013 by Tom Hutchison (Talk | contribs)

This document explains how to configure the Relying Party Trust in ADFS 2.0 manually.

Prerequisites

  1. Relying party identifier
  2. Token encryption certificate (.crt file)
  3. WS-Federation Passive redirection URL

Installation

The screen captures below show how to set up the ADFS Relying Party Trust manually.

  1. ADFS 2.0 Management

    Open the ADFS 2.0 Management tool from Administrative Tools.

    (Screenshot: AD FS 2.0 Management)

  2. Relying Party Trust Wizard

    Start the Add Relying Party Trust Wizard.

    (Screenshot: Relying Party Trust Wizard)

  3. Select Data Source

    Select the option ‘Enter data about the relying party manually’.

    (Screenshot: Select Data Source)

  4. Specify Display Name

    Provide the display name for the relying party. This is the friendly name used to quickly identify the relying party in the ADFS 2.0 Management Console.
    For simplicity, we recommend making this the same as the relying party identifier.

    (Screenshot: Specify Display Name)

  5. Choose Profile

    Select the option ‘ADFS 2.0 profile’.

    (Screenshot: Choose Profile)

  6. Configure Certificate - Optional

    If you need the response encrypted, choose your token encryption certificate file here.

    (Screenshot: Configure Certificate - Optional)

  7. Configure URL

    Configure the WS-Federation Passive protocol URL.

    (Screenshot: Configure URL)

  8. Configure Identifiers

    Configure the identifier for the relying party.

    (Screenshot: Configure Identifiers)

  9. Choose Issuance Authorization Rules

    Choose the issuance authorization rules that decide which users may access the relying party.

    (Screenshot: Choose Issuance Authorization Rules)

  10. Open Claim Rules

    After finishing the configuration, you can choose to open the claim rules dialog directly.

    (Screenshot: Open Claim Rules)

  11. Edit Claim Rules

    (Screenshot: Edit Claim Rules)

  12. Select Rule Template

    Choose ‘Send LDAP Attributes as Claims’.

    (Screenshot: Select Rule Template)

  13. Edit Rule

    Edit the required claims. The ‘Name ID’ outgoing claim type is mandatory.

    (Screenshot: Edit Rule)
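The same trust can be created without the wizard, which is useful for reproducible or scripted deployments. The following PowerShell script is an added example and is not part of the Joomla documentation; it uses the ADFS 2.0 PowerShell snap-in cmdlets (Add-PSSnapin Microsoft.Adfs.PowerShell, Add-ADFSRelyingPartyTrust, Get-ADFSRelyingPartyTrust). The identifier, passive URL, certificate path and the choice of the LDAP ‘mail’ attribute as the source of the Name ID are placeholders chosen for illustration; replace them with the values from the Prerequisites section. It also reads the key size of the encryption certificate so the 1024-bit warning mentioned under Known Limitations is visible before the trust is created.

```powershell
# Added example (not from the Joomla documentation): create the ADFS 2.0
# Relying Party Trust from steps 3-13 with the ADFS 2.0 PowerShell snap-in.
# Run in an elevated PowerShell session on the ADFS 2.0 server.

# ADFS 2.0 exposes its cmdlets through a snap-in, not a module.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# --- Prerequisites (placeholder values; replace with your own) ---
$RelyingPartyId = 'https://sp.example.org/'          # step 8: relying party identifier (placeholder)
$DisplayName    = $RelyingPartyId                    # step 4: page recommends display name == identifier
$PassiveUrl     = 'https://sp.example.org/acs'       # step 7: WS-Federation Passive URL (placeholder)
$CertPath       = 'C:\certs\adfs-simplesaml.crt'     # step 6: token encryption certificate (placeholder path)

# --- Step 6 (optional): load the encryption certificate and check its key size ---
$EncryptionCert = $null
if (Test-Path $CertPath) {
    $EncryptionCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
    $keySize = $EncryptionCert.PublicKey.Key.KeySize
    Write-Host ("Token encryption certificate: {0}, {1}-bit key" -f $EncryptionCert.Subject, $keySize)
    if ($keySize -lt 2048) {
        # The page notes that 1024-bit keys work but may produce a warning in the wizard.
        Write-Warning "Certificate key is $keySize bits; ADFS may warn about keys shorter than 2048 bits."
    }
}

# --- Step 9: issuance authorization rule (this example permits all authenticated users) ---
$AuthzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# --- Steps 12-13: "Send LDAP Attributes as Claims", issuing the mandatory Name ID.
# Sourcing Name ID from the LDAP 'mail' attribute is an assumption for this example.
$TransformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send mail as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail;{0}", param = c.Value);
'@

# --- Create the trust (steps 3, 4, 5, 7, 8 are covered by these parameters) ---
$params = @{
    Name                       = $DisplayName
    Identifier                 = $RelyingPartyId
    WSFedEndpoint              = $PassiveUrl
    IssuanceAuthorizationRules = $AuthzRules
    IssuanceTransformRules     = $TransformRules
}
if ($EncryptionCert) { $params['EncryptionCertificate'] = $EncryptionCert }

Add-ADFSRelyingPartyTrust @params

# --- Verify what was registered ---
Get-ADFSRelyingPartyTrust -Name $DisplayName |
    Select-Object Name, Identifier, WSFedEndpoint, EncryptionCertificate, IssuanceTransformRules
```

The two rule strings are the claim rule language that the wizard generates behind the templates named in steps 9 and 12; reviewing them in text form makes it easy to confirm that only the intended attribute leaves the directory as the Name ID and that the authorization rule is no broader than you expect.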

Known Limitations

  • The current solution is tested with 1024-bit keys. ADFS might show a warning while configuring the certificate.

References

  • Configure Relying Party Trust Manually
  • OpenSSL commands to create test certificates
    • openssl genrsa -des3 -out adfs-simplesaml.key 1024
    • openssl rsa -in adfs-simplesaml.key -out adfs-simplesaml.pem
    • openssl req -new -key adfs-simplesaml.key -out adfs-simplesaml.csr
    • openssl x509 -req -in adfs-simplesaml.csr -signkey adfs-simplesaml.key -out adfs-simplesaml.crt