Creating a WS Federation Service Provider

To establish a trusted relationship with the ADFS server, you need to set up the Trey Research site as a service provider. The trusted relationship allows the service provider to trust Identity Server for user authentication credentials.

Trey Research is the default name for the ADFS resource server. If you have used another name, substitute it when following these instructions. To create a service provider, you must know the following details about the ADFS resource server:

Table 5-14 ADFS Resource Server Information

| Option | Default Value | Description |
|---|---|---|
| Provider ID | urn:federation:treyresearch | This is the value that the ADFS server provides to Identity Server in the realm parameter of the query string. This value is specified in the Properties of the Trust Policy page on the ADFS server. The parameter label is Federation Service URI. |
| Sign-on URL | https://adfsresource.treyresearch.net/adfs/ls/ | The identity provider redirects the user to this URL after login. Although it is listed as optional, and is optional between two Access Manager Identity Servers, the ADFS server does not send this value to the identity provider, so it is required when setting up a trusted relationship between an ADFS server and an Access Manager Identity Server. This URL is listed in the Properties of the Trust Policy page on the ADFS server. The parameter label is Federation Services endpoint URL. |
| Logout URL | https://adfsresource.treyresearch.net/adfs/ls/ | This parameter is optional. If it is specified, the user is logged out of both the ADFS server and Identity Server. |
| Signing Certificate | NA | The ADFS server uses this certificate for signing. You need to export it from the ADFS server. It can be retrieved from the properties of the Trust Policy on the ADFS server, on the Verification Certificates tab. This certificate is the self-signed certificate that you generated when following the Active Directory step-by-step guide. |
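The table above describes the values the identity provider must match when the ADFS server sends a request: the Provider ID arrives as the realm parameter of the query string, and the Sign-on URL (or Logout URL) is where the user is sent afterwards. The following Python script, added here as an illustration and not code from Access Manager or ADFS, shows how such a request is resolved against a configured service provider. It uses the standard WS-Federation passive-requestor parameter names (`wa`, `wtrealm`, `wreply`, `wctx`); the `ServiceProvider` class, the `PROVIDERS` table (populated with the Table 5-14 defaults), the request URLs and all function names are constructed for this example.

```python
"""Resolve a WS-Federation passive request against configured service providers.

Added example: the realm (wtrealm) must match a configured Provider ID exactly,
and an optional wreply is only honoured when it stays on the configured
Sign-on/Logout URL, so the identity provider never redirects a user to an
unconfigured location.
"""
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class ServiceProvider:
    name: str
    provider_id: str            # the realm the ADFS server sends as wtrealm
    sign_on_url: str            # where the user is redirected after login
    logout_url: Optional[str] = None   # optional; absent means no federated logout


# Constructed example configuration using the default values from Table 5-14.
PROVIDERS = {
    "TreyResearch": ServiceProvider(
        name="TreyResearch",
        provider_id="urn:federation:treyresearch",
        sign_on_url="https://adfsresource.treyresearch.net/adfs/ls/",
        logout_url="https://adfsresource.treyresearch.net/adfs/ls/",
    ),
}

SIGNIN = "wsignin1.0"
SIGNOUT = "wsignout1.0"


def parse_request(url: str) -> dict:
    """Extract the single-valued WS-Federation parameters from a request URL."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    params = {}
    for key in ("wa", "wtrealm", "wreply", "wctx"):
        values = qs.get(key, [])
        if len(values) > 1:
            raise ValueError(f"duplicate parameter {key}")
        if values:
            params[key] = values[0]
    return params


def find_provider(realm: str, providers=PROVIDERS) -> ServiceProvider:
    """Exact, case-sensitive match of the realm against configured Provider IDs."""
    for sp in providers.values():
        if sp.provider_id == realm:
            return sp
    raise LookupError(f"no service provider configured for realm {realm!r}")


def reply_url_allowed(reply: str, configured: str) -> bool:
    """wreply must be https and stay on the configured host, port and path prefix."""
    r, c = urlsplit(reply), urlsplit(configured)
    return (r.scheme == "https"
            and r.hostname is not None
            and r.hostname == c.hostname
            and r.port == c.port
            and r.path.startswith(c.path))


def resolve(url: str, providers=PROVIDERS) -> Tuple[str, str, str]:
    """Return (provider name, action, redirect target); raise on an invalid request."""
    p = parse_request(url)
    action = p.get("wa")
    if action not in (SIGNIN, SIGNOUT):
        raise ValueError(f"unsupported wa value {action!r}")
    if "wtrealm" not in p:
        raise ValueError("wtrealm missing from request")
    sp = find_provider(p["wtrealm"], providers)
    if action == SIGNIN:
        target = sp.sign_on_url
    else:
        if sp.logout_url is None:
            raise ValueError(f"no Logout URL configured for {sp.name}")
        target = sp.logout_url
    if "wreply" in p:
        # A caller-supplied reply address is accepted only within the configured URL.
        if not reply_url_allowed(p["wreply"], target):
            raise ValueError(f"wreply {p['wreply']!r} not allowed for {sp.name}")
        target = p["wreply"]
    return sp.name, action, target


def accepts(url: str, providers=PROVIDERS) -> bool:
    """True when the request resolves to a configured provider and target."""
    try:
        resolve(url, providers)
        return True
    except (ValueError, LookupError):
        return False


if __name__ == "__main__":
    demo = ("https://idp.example.net/nidp/wsfed/ep?wa=wsignin1.0"
            "&wtrealm=urn%3Afederation%3Atreyresearch&wctx=abc")
    print(resolve(demo))
```

The realm comparison is deliberately exact: a request carrying `urn:federation:TreyResearch` does not match the configured `urn:federation:treyresearch`, which mirrors the requirement that the Provider ID entered in step 2 equals the Federation Service URI on the ADFS server.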

To create a service provider configuration, perform the following steps:

  1. Click Devices > Identity Servers > Servers > Edit > WS Federation.

  2. Click New > Service Provider, then specify the following details:

     | Field | Description |
     |---|---|
     | Name | Specify a name that identifies the service provider, such as TreyResearch. |
     | Provider ID | Specify the provider ID of the ADFS server. The default value is urn:federation:treyresearch. |
     | Sign-on URL | Specify the URL that the user is redirected to after login. The default value is https://adfsresource.treyresearch.net/adfs/ls/. |
     | Logout URL | (Optional) Specify the URL that the user can use for logging out. The default value is https://adfsresource.treyresearch.net/adfs/ls. |
     | Service Provider | Specify the path to the signing certificate of the ADFS server. |

  3. Click Next, confirm the certificate, and then click Finish.

  4. Continue with Configuring the Name Identifier Format.