Document toolboxDocument toolbox

ADFS server configuration

Owned by Pavel Novák
Last updated: Feb 25, 2021
2 min read

 

  1. First we must have a working ADFS server of course. Inside it we make the following configuration steps as an administrator.

  2. Create Application group:

    1. As a template select “Web browser accessing a web application” and fill the name with FQDN of SOFiE for example.

       

    2. Write down the “Client Identifier” - it will be used later in the configuration of SOFiE.

       

    3. In the Redirect URI enter: https://your.fqdn/api/user/adfs-login - so fqdn url + api/user/adfs-login.

    4. Set “Access control policy” according to what is needed, usually Permit specific group is the best way.

       

    5. Save the settings and then edit the newly created Application group to fill in the necessary mapping rules for attributes which are passed to SOFiE. If any of the following attributes are missing in the outgoing claim, just add them by manually typing them in:

       

       

    6. The last step on the ADFS server is to copy the public key (Token signing). View certificate → Details → Select public key → Copy to file. And that should be all on the side of ADFS server.

       

  3. In the SOFiE settings we then just enable the ADFS integration, fill in the ADFS URL, fill in the Client identifier from step 2.b. and fill in the public key (just copy and paste the whole contents of the key file from step 2.f).