2018 June Release

Configuration of Active Directory Federation Services (AD FS)

Active Directory Federation Services can be used as an identity provider. The following chapters describe how to configure AD FS for the Fabasoft Cloud.

Prerequisites

The following prerequisites must be fulfilled:

Configure Your AD FS

To configure your AD FS for the Fabasoft Cloud, perform the following steps:

  1. Start your AD FS.
  2. Expand the “Trusted Relationships” folder.
  3. On the context menu of “Relying Party Trusts” click “Add Relying Party Trust”.
  4. Start the wizard.
  5. Enter the URL https://idp.cloud.fabasoft.com/idp/saml/metadata in the Federation metadata address field and click “Next”.
  6. Enter a display name and click “Next”.
  7. Choose one of the issuance authorization rules and click “Next”.
  8. Check the settings and click “Next”.
  9. Close the wizard and open the “Claim Rules” dialog.
  10. Click “Add Rule” to open the “Add Transform Claim Rule Wizard”.
  11. Select a rule template and click “Next”.
  12. Enter a rule name and add the attributes you want to send.

    The following outgoing claim types must be defined:
    • Name ID
      The LDAP attribute that is assigned to the outgoing claim type “Name ID” must contain the user’s e-mail address, which is used for the Fabasoft Cloud log-in.
    • Surname
    • Given Name
  13. Close the “Claim Rules” dialog.
  14. Click “Trusted Relationships” and on the context menu of “Relying Party Trusts” click “Properties”.
  15. Click the “Advanced” tab and select the secure hash algorithm “SHA-256”.
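
The same relying party trust can be created from PowerShell on the AD FS server. This is an added example, not part of the Fabasoft documentation. It assumes the ADFS PowerShell module, a display name of "Fabasoft Cloud", a permit-all issuance authorization rule, and that the user's e-mail address is stored in the LDAP attribute `mail`.

```powershell
# Run in an elevated PowerShell session on the primary AD FS server.
Import-Module ADFS

$name        = 'Fabasoft Cloud'                                    # assumed display name (step 6)
$metadataUrl = 'https://idp.cloud.fabasoft.com/idp/saml/metadata'  # metadata address from step 5

# Step 7: issuance authorization rule. Assumption: permit all users.
# On AD FS 2016 and later, -AccessControlPolicyName is the usual alternative.
$authRules = @'
@RuleTemplate = "AllowAllAuthzRule"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Steps 10-12: send LDAP attributes as Name ID, Surname and Given Name.
# Assumption: "mail" holds the e-mail address used for the Fabasoft Cloud log-in.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Fabasoft Cloud attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"), query = ";mail,sn,givenName;{0}", param = c.Value);
'@

# Steps 3-9 and 15: create the trust from federation metadata and select SHA-256.
Add-AdfsRelyingPartyTrust -Name $name -MetadataUrl $metadataUrl `
    -IssuanceAuthorizationRules $authRules `
    -IssuanceTransformRules $transformRules `
    -SignatureAlgorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

# Check the result: the trust must be enabled and must sign with SHA-256.
$rp = Get-AdfsRelyingPartyTrust -Name $name
if (-not $rp.Enabled) {
    Write-Warning "Relying party trust '$name' is not enabled."
}
if ($rp.SignatureAlgorithm -notlike '*rsa-sha256') {
    Write-Warning "Unexpected signature algorithm: $($rp.SignatureAlgorithm)"
}
$rp | Format-List Name, Identifier, Enabled, SignatureAlgorithm, IssuanceTransformRules
```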

Metadata

The FederationMetadata.xml metadata file can be opened and saved using the following link:
https://<your AD FS>/FederationMetadata/2007-06/FederationMetadata.xml

This file has to be sent to Fabasoft Cloud Support.