Configuration of Active Directory Federation Services (AD FS)
Active Directory Federation Services (AD FS) can be used as an identity provider for the Fabasoft Cloud. The following chapters describe how to configure AD FS for that purpose.
The following prerequisites must be fulfilled:
Configure Your AD FS
To configure your AD FS for the Fabasoft Cloud, perform the following steps:
- Start the “AD FS Management” (“Server Manager” > “Tools”).
- On the context menu of “Relying Party Trusts”, click “Add Relying Party Trust”.
- Select “Claims aware” and click “Start”.
- Select “Import data about the relying party published online or on a local network”, enter the URL https://<server>/idp/saml/metadata (e.g. https://idp.cloud.fabasoft.com/idp/saml/metadata) in the “Federation metadata address” field and click “Next”.
Note: Alternatively, you can download the metadata.xml from that URL and use the second option (“Import data about the relying party from a file”) to import the file.
- Enter a display name and click “Next”.
- Choose an access control policy and click “Next”.
- Check the settings and click “Next”.
- Select “Configure claims issuance policy for this application” and click “Close”.
- Click “Add Rule” to open the “Add Transform Claim Rule Wizard”.
- In the Claim rule template field, select “Send LDAP Attributes as Claims” and click “Next”.
- Enter a rule name, add the attributes you want to send and click “Finish”.
At least the following outgoing claim types must be defined:
- Name ID
The LDAP attribute that is assigned to the outgoing claim type “Name ID” must contain the user’s e-mail address, because this value is used as the log-in name for the Fabasoft Cloud.
- Given Name
- Click “OK”.
- On the context menu of the created relying party trust, click “Properties”.
- Click the “Advanced” tab, select the secure hash algorithm “SHA-256” and click “OK”.
The FederationMetadata.xml file of your AD FS can be downloaded from the following URL:
https://<your AD FS>/FederationMetadata/2007-06/FederationMetadata.xml
Upload this XML file to your cloud organization (“Advanced Settings” > “Login Options” > “Active Directory / SAML 2.0” action).
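The same configuration can be scripted with the ADFS PowerShell module instead of clicking through “AD FS Management”. The following script is an added example and not part of the original documentation or of Fabasoft’s own tooling; the trust display name, the AD FS host name adfs.example.com, the download path and the use of the built-in “Permit everyone” access control policy are assumptions. It creates the relying party trust from the Fabasoft metadata URL, attaches a “Send LDAP Attributes as Claims” rule that maps the AD attribute mail to Name ID and givenName to Given Name, sets SHA-256 as the signature algorithm, checks the result and finally downloads this AD FS instance’s FederationMetadata.xml for upload to the cloud organization.

```powershell
# Added example: scripted equivalent of the AD FS Management steps above.
# Run in an elevated PowerShell session on the AD FS server.
# Assumed values (not from the original page): $trustName, $adfsHost,
# the download path and the "Permit everyone" access control policy name.
Import-Module ADFS

$cloudHost   = 'idp.cloud.fabasoft.com'            # <server> from the page
$metadataUrl = "https://$cloudHost/idp/saml/metadata"
$trustName   = 'Fabasoft Cloud'                     # assumed display name

# "Send LDAP Attributes as Claims" rule in AD FS claim rule language:
#   mail      -> Name ID   (must be the e-mail address: Fabasoft Cloud log-in name)
#   givenName -> Given Name
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Fabasoft Cloud attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"), query = ";mail,givenName;{0}", param = c.Value);
'@

# Create the relying party trust from the published federation metadata
# (wizard option "Import data about the relying party published online").
# -AccessControlPolicyName exists on AD FS 2016 and later; on AD FS 2012 R2
# use -IssuanceAuthorizationRules instead.
Add-AdfsRelyingPartyTrust -Name $trustName `
    -MetadataUrl $metadataUrl `
    -AccessControlPolicyName 'Permit everyone' `
    -IssuanceTransformRules $issuanceRules `
    -SignatureAlgorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

# Check: the trust is enabled, signs with rsa-sha256 and carries the rule.
Get-AdfsRelyingPartyTrust -Name $trustName |
    Select-Object Name, Enabled, SignatureAlgorithm, IssuanceTransformRules

# Export this AD FS instance's metadata for the upload in the cloud organization
# ("Advanced Settings" > "Login Options" > "Active Directory / SAML 2.0").
$adfsHost = 'adfs.example.com'                      # assumed: your AD FS host
$outFile  = Join-Path $env:USERPROFILE 'Desktop\FederationMetadata.xml'
Invoke-WebRequest -Uri "https://$adfsHost/FederationMetadata/2007-06/FederationMetadata.xml" `
    -OutFile $outFile
```

If the Fabasoft metadata changes later (for example a rotated signing certificate), a trust created with -MetadataUrl can be refreshed with Update-AdfsRelyingPartyTrust -TargetName $trustName, which is the scripted counterpart of “Update from Federation Metadata” in the console.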