Configuration of Active Directory Federation Services (AD FS)
Active Directory Federation Services can be used as an identity provider. The following chapters describe how to configure AD FS for the Fabasoft Cloud.
The following prerequisites must be fulfilled:
Configure Your AD FS
To configure your AD FS for the Fabasoft Cloud, perform the following steps:
- Start your AD FS.
- Expand the “Trusted Relationships” folder.
- On the context menu of “Relying Party Trusts” click “Add Relying Party Trust”.
- Start the wizard.
- Enter the URL https://idp.cloud.fabasoft.com/idp/saml/metadata in the Federation metadata address field and click “Next”.
- Enter a display name and click “Next”.
- Choose one of the issuance authorization rules and click “Next”.
- Check the settings and click “Next”.
- Close the wizard and open the “Claim Rules” dialog.
- Click “Add Rule” to open the “Add Transform Claim Rule Wizard”.
- Select a rule template and click “Next”.
- Enter a rule name and add the attributes you want to send.
  The following outgoing claim types must be defined:
  - Name ID
    The LDAP attribute that is assigned to the outgoing claim type “Name ID” must contain the user’s e-mail address, which is used for the Fabasoft Cloud log-in.
  - Given Name
- Close the “Claim Rules” dialog.
- Click “Trusted Relationships” and on the context menu of “Relying Party Trusts” click “Properties”.
- Click the “Advanced” tab and select the secure hash algorithm “SHA-256”.
The FederationMetadata.xml metadata file can be opened and saved using the following link:
https://<your AD FS>/FederationMetadata/2007-06/FederationMetadata.xml
This file has to be sent to Fabasoft Cloud Support.