Articles in this section

See more

How to setup SSO using SAML2 / ADFS

Avatar
Mads Madsen
Updated
Follow

Please find all information below needed to setup SSO via SAML2

Client IT tasks

  • Setup a relying party in ADFS using Templafy metadata
  • Provide client metadata to Templafy (usually done via a download link to metadata.xml file)
  • Setup extended claims rules (optional)

 

Templafy tasks

Add following to the Templafy configuration

  • client signing certificate
  • SSO URL
  • EntityID

 

Client IT SAML2 setup guide

Below is the necessary information to setup Templafy as a relying party in your ADFS.

 

Metadata

 

https://app.templafy.com/AuthServices

Service Provider entity ID (Audiences)

 

https://app.templafy.com/AuthServices

Assertion Consumption Service (ACS)

 

https://app.templafy.com/AuthServices/Acs

URL to trigger SAML federation

 

https://CLIENTSUBDOMAIN.templafy.com

Hash function to use for digital signing at IdP

 

SHA-256

User Identifier

 

E-mail address

Basic claim rules

 

Claim rule

 

LDAP Attribute

Outgoing Claim Type

E-Mail-Addresses

Name ID

User-Principal-Name

UPN

Given-Name

Given Name

Surname

Surname

E-mail-Addresses

E-Mail Address

Extended claim rules

 

 

 
 

For more Claim Rules, please see the below article. It includes examples of Rule Language in Custom Claims Rules where Groups are added to the Claims.
https://support.templafy.com/hc/en-us/articles/207724789-Supported-claims-and-claims-rules

 

 

ADFS Example settings - Windows Server 2012 R2

Here are examples of a Windows Server 2012 with Templafy configured as a Relying Part Trust.

Federation Service properties
1._ADFS_-_Service_Properties.png

 

Trust Relationships - Monitoring
2._ADFS_-_Trust_Releationships_-_Monitoring.png

 

Trust Relationships - Identifiers
3._ADFS_-_Trust_Releationships_-_Identifiers.png

 

Trust Relationships - Encryption
4._ADFS_-_Trust_Releationships_-_Encryption.png

 

Trust Relationships - Signature
5._ADFS_-_Trust_Releationships_-_Signature.png

 

Trust Relationships - Endpoints
6._ADFS_-_Trust_Releationships_-_Endpoints.png

 

Trust Relationships - Advanced / Hash algorithm
7._ADFS_-_Trust_Releationships_-_Advanced.png

 

Trust Relationships - Claim Rules
8._ADFS_-_Trust_Releationships_-_Claim_Rules.png

 

Trust Relationships - Basic Claim Rules (LDAP attribute)
9._ADFS_-_Trust_Releationships_-_Claim_Rules_-_Basic_as_LDAP.png

 

Trust Relationships - Extended Claim Rules (Custom Rule Language)
OBS! See below article for full example of Extended Claim Rules
https://support.templafy.com/hc/en-us/articles/207724789-Supported-claims-and-claims-rules
10._ADFS_-_Trust_Releationships_-_Claim_Rules_-_Extended_Custom_Rule.png

 

Trust Relationships - Issuance Authorization Rules
11._ADFS_-_Trust_Releationships_-_Claim_Rules_-_Permit_Access_to_All_Users.png

 

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.