Add Relying Party Trust
- In Server Manager, click Tools, and then select AD FS Management.
...
5. Add "EdSmart_RelyingParty" as the display name.
6. Give permissions to the group. Click Next/Finish.
Here the group can be any group that needs to use SSO. Make sure that all users who will use SSO are members of this group.
...
7. Finish. You can now see the relying party that was added.
Add Rules
- In Server Manager, click Tools, and then select AD FS Management.
- Click on Edit claim issuance policy...
3. In the window that opens, click Add.
...
Now replace the highlighted URL with simply "role" (see next screenshot).
12. "URL" replaced with "role". Click Finish.
13. You can remove the previously created MembershipRule.
...
```
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("UserID", "mail", "givenName", "sn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail,mail,givenName,sn,mail;{0}", param = c.Value);
```
16. You are done.
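The attribute rule above can also be applied and reviewed from PowerShell on the AD FS server. This is an added example, not part of the original page: it assumes the "EdSmart_RelyingParty" trust from step 5 already exists, and the rule name "EdSmart attributes" is an assumed label.

```powershell
# Added example (not from the original page). Run in an elevated session on the AD FS server.
Import-Module ADFS

$rpName = 'EdSmart_RelyingParty'   # display name given in step 5

# Claim rule text copied from the page; the @RuleName label is an assumption.
$attributeRule = @'
@RuleName = "EdSmart attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("UserID", "mail", "givenName", "sn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail,mail,givenName,sn,mail;{0}", param = c.Value);
'@

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

# -IssuanceTransformRules replaces the whole rule set, so append to the
# existing rules (for example the "role" rule) instead of overwriting them.
$existing = $rp.IssuanceTransformRules
$marker   = [regex]::Escape('query = ";mail,mail,givenName,sn,mail;{0}"')

if ($existing -notmatch $marker) {
    $combined = ($existing, $attributeRule | Where-Object { $_ }) -join "`r`n"
    Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $combined
    Write-Host "Attribute rule appended to '$rpName'."
} else {
    Write-Host "Attribute rule already present on '$rpName'; nothing changed."
}

# Review what the trust now issues and which access control policy gates it.
# Confirm the policy permits only the SSO group chosen in step 6.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Format-List Name, Enabled, Identifier, AccessControlPolicyName, IssuanceTransformRules
```

Running the script a second time makes no change, because it checks for the rule's query string before appending.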
...