Setting up authentication with ADFS

The following guide will assist you in configuring your application to use Active Directory Federation Services (ADFS) for authentication.

Part 1: Configure a new replying party trust in ADFS

Open the ADFS console, expand Trust Relationships, right-click Relying Part Trusts and select Add relying-party trust
Click Next and select Enter data about the relying party manually
Specify Lithnet Access Manager as the display name
Select AD FS profile
Skip the encryption certificate step
Check the box to Enable support for the WS-Federation Passive protocol. Specify the base URL where your Lithnet Access Manager is hosted (eg https://accessmanager.lithnet.local/)
Skip the page prompting you to add additional relying party trust identifiers
Optionally, configure multi-factor authentication for the trust, and follow the remaining pages through to completion
Edit the claim rules for the application. Add a new issuance transform rule to Send LDAP attributes as claims
Set 'Issue UPN' as the claim rule name. Select Active Directory as the attribute store, User-Principal-Name as the LDAP Attribute and UPN as the outgoing claim type

In the metadata field, provide the metadata URL for your ADFS server (usually something like https://adfs.lithnet.local/FederationMetadata/2007-06/FederationMetadata.xml)
Enter the base URL of your application in the Realm field.