Creating a New Authentication Contract

The ADFS server rejects the contract URI names of the default Access Manager contracts, which have a URI format of secure/name/password/uri. The ADFS server expects the URI to look like a URL.

Use the following format for the URI of all contracts that you want to use with the ADFS server:

<baseurl>/name/password/uri

If the DNS name of your Identity Server is idp-50.amlab.net, the URI looks similar to the following:

https://idp-50.amlab.net:8443/nidp/name/password/uri

This URL does not resolve to anything because Identity Server interprets it as a contract URI and not a URL.
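The following Python check is an added example, not part of the product documentation: it flags contract URIs that are still in the default format and builds the URL-style form described above. The function names are hypothetical, and reading "look like a URL" as an absolute http(s) URI under the Identity Server base URL is an assumption.

```python
from urllib.parse import urlsplit

# Base URL of the Identity Server, taken from the example on this page.
BASE_URL = "https://idp-50.amlab.net:8443/nidp"


def build_contract_uri(base_url, suffix="name/password/uri"):
    """Return <baseurl>/<suffix>, the form this page prescribes for ADFS."""
    return base_url.rstrip("/") + "/" + suffix.lstrip("/")


def check_contract_uri(uri, base_url=BASE_URL):
    """Return a list of problems; an empty list means the URI has the URL shape.

    Assumption: "looks like a URL" is read as an absolute http(s) URI with a
    host, rooted at the Identity Server base URL.
    """
    problems = []
    if any(c.isspace() for c in uri):
        problems.append("contains whitespace")
    parts = urlsplit(uri.strip())
    if parts.scheme not in ("http", "https"):
        problems.append("no http(s) scheme")
    if not parts.hostname:
        problems.append("no host")
    if not uri.strip().startswith(base_url.rstrip("/") + "/"):
        problems.append("not under base URL " + base_url)
    return problems


def audit(contracts, base_url=BASE_URL):
    """Map each contract name to its problems, keeping only failing ones."""
    report = {}
    for name, uri in contracts.items():
        problems = check_contract_uri(uri, base_url)
        if problems:
            report[name] = problems
    return report


if __name__ == "__main__":
    # Constructed sample: one default-style URI and one in the new format.
    sample = {
        "Name/Password - Form": "secure/name/password/uri",
        "WS-Fed Contract": build_contract_uri(BASE_URL),
    }
    for name, problems in audit(sample).items():
        print(name + ": " + "; ".join(problems))
```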

To create a new authentication contract:

  1. Click Devices > Identity Servers > Edit > Local > Contracts > New.

  2. Specify the following details:

    | Field | Description |
    | --- | --- |
    | Display name | Specify a name. For example, WS-Fed Contract. |
    | URI | Specify a URI. For example, https://idp-50.amlab.net:8443/nidp/name/password/uri. |
    | Satisfiable by External Provider | Select this option. The ADFS server needs to satisfy this contract. |

  3. Move Name/Password – Form to Methods.

  4. Click Next and specify the following details:

    | Field | Description |
    | --- | --- |
    | ID | Leave this field blank. Supply a value if you want a reference to use it externally. |
    | Text | Specify a description that is available to the user when the user hovers over the card. |
    | Image | Select an image, such as Form Auth Username Password. This is the default image for the Name/Password - Form contract. |
    | Show Card | Select this option so that the card can be presented to the user as a login option. |

  5. Click Finish.

  6. Continue with Setting the WS-Fed Contract as the Default Contract.