Creating an Identity Provider for WS Federation

To set up a trust relationship, configure the ADFS server as an identity provider for Identity Server.

  1. Click Devices > Identity Servers > Edit > WS Federation.

  2. Click New, select Identity Provider, then specify the following details:

    Name: Specify a name that identifies the identity provider, such as Adatum.

    Provider ID: Specify the federation service URI of the identity provider. For example, urn:federation:adatum.

    Sign-on URL: Specify the login URL. For example, https://adfsaccount.adatum.com/adfs/ls/.

    Logout URL: Specify the logout URL. For example, https://adfsresource.treyresearch.net/adfs/ls/

    Identity Provider: Specify the path to the signing certificate of the ADFS server.

  3. Confirm the certificate and click Next.

  4. For the authentication card, specify the following values:

    ID: Leave this field blank.

    Text: Specify a description. This is shown when a user hovers the mouse over the card.

    Image: Select an image, such as Customizable, or any other image.

    Show Card: Select this option to display the card as a login option.

  5. Click Finish.

For information about additional configuration steps required to use this identity provider, see Using the ADFS Server as an Identity Provider for an Access Manager Protected Resource.

Using Access Manager as a WS Federation Identity Provider and Consumer

NOTE: Use this configuration only in the test environment and not in the production environment.

  1. Click Devices > Identity Servers > Edit > WS Federation.

  2. Click New > Identity Provider, then specify the following details:

    Name: Specify a name that identifies the identity provider.

    Provider ID: https://240onbox.nam.example.com:8443/nidp/wsfed/

    Sign-on URL: https://240onbox.nam.example.com:8443/nidp/wsfed/ep.

    Logout URL: https://240onbox.nam.example.com:8443/nidp/wsfed/loreply

  3. Upload the test-signing certificate of the trusted identity provider.

    (Dashboard > Certificates > test-signing > Export Public Certificate > DER File > test-signing)

  4. Click Next.

  5. For the authentication card, specify the following values:

    ID: Specify an alphanumeric value. This value is persistent. If you do not assign a value, Identity Server creates an internal value that keeps changing whenever you restart Identity Server.

    Text: Specify a description to help a user understand the authentication method of the card. This description is displayed when the user hovers over the authentication card.

    Image: Select an image.

    Show Card: Select this option to display the card as a login option.

  6. Click Finish.
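As an added illustration that is not part of the Access Manager documentation, the following Python pre-checks the Provider ID, Sign-on URL and Logout URL values from both procedures above and shows the WS-Federation passive sign-in request a consumer sends to the Sign-on URL. The realm parameter is assumed to be the consumer's own provider ID (in the second procedure, Access Manager's wsfed URL).

```python
"""Pre-flight checks for WS-Federation identity provider trust settings (added example)."""
from urllib.parse import urlsplit, urlencode


def check_idp_settings(name, provider_id, signon_url, logout_url):
    """Return a list of findings about the entered values; an empty list means nothing to flag."""
    findings = []
    if not name.strip():
        findings.append("Name is empty")
    # A federation service URI is either a URN (urn:federation:adatum) or an https URL.
    if not (provider_id.startswith("urn:") or provider_id.startswith("https://")):
        findings.append(f"Provider ID {provider_id!r} is neither a URN nor an https URL")
    hosts = {}
    for label, url in (("Sign-on URL", signon_url), ("Logout URL", logout_url)):
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"{label} does not use https: {url}")
        if not parts.netloc:
            findings.append(f"{label} has no host: {url}")
        hosts[label] = parts.netloc
    # Sign-on and logout normally live on the same federation service; a mismatch is
    # worth confirming with the identity provider's administrator before going live.
    if hosts["Sign-on URL"] != hosts["Logout URL"]:
        findings.append("Sign-on URL and Logout URL point at different hosts; confirm this is intended")
    return findings


def signin_request_url(signon_url, realm, reply_url=None, context=None):
    """Build the passive-requestor sign-in URL: wa=wsignin1.0 plus the consumer's realm."""
    params = {"wa": "wsignin1.0", "wtrealm": realm}
    if reply_url:
        params["wreply"] = reply_url  # where the identity provider posts the token back
    if context:
        params["wctx"] = context  # opaque state the consumer wants echoed back
    separator = "&" if "?" in signon_url else "?"
    return f"{signon_url}{separator}{urlencode(params)}"


if __name__ == "__main__":
    # Values from the ADFS procedure above; the hosts differ, so the check flags it.
    for finding in check_idp_settings("Adatum", "urn:federation:adatum",
                                      "https://adfsaccount.adatum.com/adfs/ls/",
                                      "https://adfsresource.treyresearch.net/adfs/ls/"):
        print("finding:", finding)
    print(signin_request_url("https://240onbox.nam.example.com:8443/nidp/wsfed/ep",
                             "https://240onbox.nam.example.com:8443/nidp/wsfed/"))
```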