AD FS: Create Condens SSO App

Step 1 - Adding a Relying Party Trust

  1. Open AD FS Management on your AD FS server

  2. Right-click Relying party trusts and select Add relying party trust

  3. Click Start on the welcome step

  4. In the step Select data source, choose Enter data about the relying party manually and click Next

  5. Enter a Display name e.g. Condens Login and click Next

  6. In the step Choose profile, choose AD FS profile with SAML 2.0 and click Next

  7. Click Next on the Configure certificate step without choosing any certificate

  8. Select Enable support for the SAML 2.0 WebSSO protocol

  9. As the Service URL, paste in the SP Login URL from Condens and click Next

  10. Paste in the SP Entity ID from Condens as the Relying party trust identifier

  11. Click Next until you reach the Finish step

  12. Choose Open the Edit Claim Rules dialog for this relying party trust when the wizard closes and click Close. This will launch the Edit Claim Rules window.


Step 2 - Creating claim rules

  1. In the Edit Claim Rules window, click Add rule, choose Send LDAP Attributes as Claims as the Claim rule template and click Next

  2. Enter a Claim rule name, e.g. LDAP Email, and select Active Directory as the Attribute store. In the mapping table, select E-Mail Addresses in the LDAP Attribute column and E-Mail Address as the Outgoing Claim Type

  3. Click on OK to save the new rule

  4. Create another new rule by clicking Add Rule, this time selecting Transform an Incoming Claim as the template

  5. Enter a Claim rule name, e.g. Email transform. Select E-Mail Address as the Incoming Claim Type, Name ID as the Outgoing Claim Type and Email as the Outgoing Name ID Format, and leave the default option Pass through all claim values selected

  6. Click on OK to save the new rule

  7. Make sure the rule LDAP Email is above the rule Email transform in the Edit Claim Rules window (this should be the case by default)


Step 3 - Adjusting the trust settings

  1. In the AD FS Management window, right-click the relying party trust Condens Login and choose Properties. On the Advanced tab, choose SHA-256 as the Secure hash algorithm

  2. In the AD FS Management window, navigate to Service and then to Certificates. Right-click the Token-signing certificate, choose View Certificate... and export it as a Base-64 encoded X.509 certificate. You will need this in Step 4.
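The same configuration as Steps 1 to 3, as an added PowerShell example that is not part of the Condens article: it creates the relying party trust, installs the two claim rules from Step 2 in AD FS claim rule language, sets SHA-256 as the signing algorithm and exports the primary token-signing certificate as Base-64 X.509. The two placeholder values at the top are assumptions and must be replaced with the SP Login URL and SP Entity ID shown in Condens; the permit-all authorization rule mirrors the wizard default the article leaves in place.

```powershell
# Added example, not from the Condens article. Run in an elevated PowerShell on the AD FS server.
$spLoginUrl = "https://SP-LOGIN-URL-FROM-CONDENS"   # placeholder: copy from Condens
$spEntityId = "SP-ENTITY-ID-FROM-CONDENS"           # placeholder: copy from Condens

# Step 2 as claim rule language.
# Rule 1 (LDAP Email): look up the user's mail attribute in AD and issue it as an E-Mail Address claim.
# Rule 2 (Email transform): re-issue that claim as a Name ID with the email name-id format.
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "LDAP Email"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Email transform"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Wizard default: every authenticated user may access this relying party.
$authzRules = '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# Step 1 (trust + SAML endpoint) and Step 3.1 (SHA-256 signing) in one call.
Add-AdfsRelyingPartyTrust -Name "Condens Login" `
    -Identifier $spEntityId `
    -SamlEndpoint (New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $spLoginUrl) `
    -SignatureAlgorithm "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" `
    -IssuanceTransformRules $issuanceRules `
    -IssuanceAuthorizationRules $authzRules

# Step 3.2: export the primary token-signing certificate as Base-64 encoded X.509 (PEM).
$cert = (Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary).Certificate
$pem  = "-----BEGIN CERTIFICATE-----`r`n" +
        [Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks') +
        "`r`n-----END CERTIFICATE-----"
Set-Content -Path ".\adfs-token-signing.cer" -Value $pem -Encoding Ascii
```

Paste the contents of adfs-token-signing.cer into the Certificate field in Condens (Step 4); `Get-AdfsRelyingPartyTrust -Name "Condens Login"` shows the resulting trust for review.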


Step 4 - Enter values into Condens

  1. https://[your-adfs-domain.com]/adfs/ls → IdP Login URL in Condens

  2. http://[your-adfs-domain.com]/adfs/services/trust → IdP Entity ID in Condens

  3. The Base-64 encoded certificate exported in step 3 → Certificate in Condens

