Please find all information below needed to setup SSO via SAML2
Client IT tasks
- Setup a relying party in ADFS using Templafy metadata
- Download Templafy metadata
- Provide client metadata to Templafy (usually done via a download link to metadata.xml file)
- Setup extended claims rules (optional)
- Link to extended claims rules
Templafy tasks
Add following to the Templafy configuration
- Client signing certificate
- SSO URL
- EntityID
Client IT SAML2 setup guide
Below is the necessary information to setup Templafy as a relying party in your ADFS.
Metadata |
|
|
Service Provider entity ID (Audiences) |
|
https://app.templafy.com/AuthServices |
Assertion Consumption Service (ACS) |
|
https://app.templafy.com/AuthServices/Acs |
URL to trigger SAML federation |
|
https://CLIENTSUBDOMAIN.templafy.com |
Hash function to use for digital signing at IdP |
|
SHA-256 |
User Identifier |
|
E-mail address |
ADFS Claim Setup with all Membership Groups as claims
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone", "http://schemas.templafy.com/2016/06/identity/claims/department", "http://schemas.templafy.com/2016/06/identity/claims/city", "http://schemas.templafy.com/2016/06/identity/claims/jobtitle", "http://schemas.templafy.com/2016/06/identity/claims/facsimilenumber", "http://schemas.templafy.com/2016/06/identity/claims/phonenumber", "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"), query = ";mail,userPrincipalName,mail,givenName,sn,postalCode,st,co,mobile,department,l,title,facsimileTelephoneNumber,telephoneNumber,tokenGroups;{0}", param = c.Value);
This will send all ADFS-Supported claims to Templafy and can safely be copy/paste to a Custom Claim Rule.
OBS! You will not need any other claim rule when using the above.
ADFS Example settings - Windows Server 2012 R2
Here are examples of a Windows Server 2012 with Templafy configured as a Relying Part Trust.
Federation Service properties
Trust Relationships - Monitoring
Trust Relationships - Identifiers
Trust Relationships - Encryption
Trust Relationships - Signature
Trust Relationships - Endpoints
Trust Relationships - Advanced / Hash algorithm
Trust Relationships - Claim Rules
Trust Relationships - Basic Claim Rules (LDAP attribute)
Trust Relationships - Extended Claim Rules (Custom Rule Language)
OBS! See below article for full example of Extended Claim Rules
https://support.templafy.com/hc/en-us/articles/207724789-Supported-claims-and-claims-rules
Trust Relationships - Issuance Authorization Rules
Comments
0 comments
Article is closed for comments.