ADFS for Sharepoint: Preparing ADFS for Sharepoint 2013

Hi,

This post is a continuation of the previous post about ADFS. It covers the following topics:

  1. Configure ADFS for a Relying Party
  2. Configure a claim rule
  3. Export the Token-Signing Certificate
  4. Test ADFS Connectivity

Let’s begin!

  1. Configure ADFS for a Relying Party: This step adds a Relying Party Trust on the ADFS server for the SharePoint web application, using the WS-Federation passive protocol.
  • Open the AD FS Management Console
  • Expand the Trust Relationships node
  • Click on the Relying Party Trust node
  • Click on the Add Relying Party Trust link from the right pane to start the Add Relying Party Trust wizard.


  • Click Start on the Welcome screen


  • Select the Enter data about the relying party manually radio button and click Next


  • Enter a Display name; something that describes the SharePoint web application is recommended.


  • Select the AD FS 2.0 profile


  • On the next screen click Next; it is not necessary to select a certificate in this step.


  • Configure the Relying party trust identifiers with these values:
    • https://<your_webApp>/
    • urn:sharepoint:portal (this value is descriptive and you can use any value, but remember that it is the one you will use when creating the claims authentication provider in SharePoint).


  • Select the Permit all users to access this relying party option and click Next.


  • Select Next in the Ready to Add Trust screen


  • Leave the Open the Edit Claim Rules dialog for this relying party trust when the wizard closes option checked and click Close


  2. Configure a claim rule
  • Open the AD FS Management Console
  • Expand the Trust Relationships node
  • Click on the Relying Party Trust node
  • Click on the Edit Claim Rules link from the right pane to open the Edit Claim Rules dialog.


  • Click Add Rule
  • Select Send LDAP Attributes as Claims and click Next


  • Enter a Claim rule name, select the Attribute Store and configure the attribute mapping as shown in the following screen

[Screenshot: claim rule attribute mapping]

  • Click Finish and the Relying Party will be configured for use with SharePoint.

  3. Export the Token-Signing Certificate

The final step you have to complete on the ADFS server is to export the Token-Signing Certificate. This certificate will be used to create the SPTrustedIdentityTokenIssuer in SharePoint.

  • Open IIS 7 manager on the Federation Server.
  • Select the servername in the console and double-click the certificates feature. You should see the certificates you configured earlier for ADFS.
  • Double-click the Token-Signing certificate and select the details tab.
  • Select copy to file and use these options in the following wizard:
    • No, do not export the private key
    • DER encoded binary X.509 (.CER)
    • Save the file as C:\TokenSign.cer
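The three ADFS-side steps above (relying party trust, claim rule, token-signing certificate export), as an added PowerShell equivalent that is not part of the original post. It uses the AD FS 2.0 snap-in cmdlets and assumes the placeholder web application URL, the /_trust/ WS-Federation endpoint that SharePoint exposes, a display name, and an e-mail attribute mapping, since the original screenshot of the mapping is not reproduced here.

```powershell
# Added example (not from the original post): scripted equivalent of steps 1-3
# using the AD FS 2.0 PowerShell snap-in. Run on the federation server as an
# administrator. Assumptions: the web application URL below, the /_trust/
# WS-Federation passive endpoint, the display name and the e-mail mapping.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$webApp      = "https://<your_webApp>"             # placeholder, replace
$displayName = "SharePoint 2013 Portal"             # assumed display name
$identifiers = @("$webApp/", "urn:sharepoint:portal")
$wsFedUrl    = "$webApp/_trust/"                    # SharePoint WS-Fed endpoint (assumed)

# Step 2 equivalent: a "Send LDAP Attributes as Claims" rule that maps the AD
# mail attribute to the E-Mail Address claim type (assumed mapping).
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "SharePoint claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);
'@

# Equivalent of "Permit all users to access this relying party".
$authzRules = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# Step 1 equivalent: create the relying party trust with both identifiers.
Add-ADFSRelyingPartyTrust -Name $displayName `
    -Identifier $identifiers `
    -WSFedEndpoint $wsFedUrl `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules

# Step 3 equivalent: export the primary token-signing certificate as DER.
# Only the public certificate is written; the private key stays on the server.
$tokenSigning = Get-ADFSCertificate -CertificateType Token-Signing |
    Where-Object { $_.IsPrimary }
$der = $tokenSigning.Certificate.Export(
    [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes("C:\TokenSign.cer", $der)

# Verify the trust and record the thumbprint so it can be compared with the
# certificate SharePoint reports for the SPTrustedIdentityTokenIssuer later.
Get-ADFSRelyingPartyTrust -Name $displayName |
    Select-Object Name, Identifier, WSFedEndpoint
"Token-signing thumbprint: " + $tokenSigning.Certificate.Thumbprint
```

The thumbprint printed at the end should match the certificate you later register in SharePoint; a mismatch after a token-signing certificate rollover is a common cause of sign-in failures.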


  4. Test ADFS Connectivity

Finally, it is good practice to verify that all of your configuration is working. You can do so in two steps:

