ADFS Provider
Create an ADFS provider in Loome Identity
- To create an ADFS provider, open the Loome Identity.
- Click on ‘Click here to administer Loome Identity, you will be required to login’ on the homepage.
- Click on ‘Providers’ from the left hand menu or the center tiles.
- Here you can see the list of existing providers, where you can view update or delete.
- Click the ‘New’ button from the top right, and then on ‘Active Directory Federation Services’ to create a new provider.
- Enter a name for your provider, this is just a friendly name for your own reference under ‘Name’.
- Copy the custom rule provided in the ‘About’ section, you will require this when configuring your ADFS server.
You can also find this custom rule under the appendix section ADFS Custom Rule
- Enter the federation endpoint of your ADFS server under ‘Metadata Address’.
The federation endpoint will be the URL of your ADFS server combined with the relative address of /FederationMetadata/2007-06/FederationMetadata.xml.
- Take note of the ‘Relying Party WS-Federation Passive Protocol URL’, you will require it when configuring your ADFS server.
- Click the ‘Save’ button.
- You will now see your provider in the provider list.
Take note of the blue message that appears. Providers are loaded in when Loome Identity starts up, so you must restart the application in IIS before your provider will be usable.
Create the relaying party trust in ADFS
Open the AD FS Management tool.
Verify that the Source user ID claim is available by going to ADFS > Service > Claim Descriptions.
Check the list for a claim with the name ‘Source user ID’ as defined in the appendix of this document under ADFS Claim Descriptions.
If the Claim Description does not exist, then add it.
Add a new Relaying Party Trust by going to AD FS > Trust Relationships > Right click on Relying Party Trusts and select ‘Add Relying Party Trust’.
Select ‘Start’ to begin.
Select ‘Enter data about this relying party manually’ and select ‘Next’.
Enter ‘Loome Identity’ for the name (or a name of your choosing) and select ‘Next’.
Leave the default ‘AD FS profile’ selected and select ‘Next’.
Select ‘Next’.
Select ‘Enable support for WS-Federation Passive protocol’ and then enter the ‘Relying Party WS-Federation Passive Protocol URL’ value recorded during the creation of the Loome Identity provider (You can go back to Loome Identity to get the value).
Select ‘Next’.
Select ‘Next’.
Select ‘Next’.
Select ‘Next’.
Select ‘Next’.
Ensure that ‘Open the Edit Claim Rules dialog for this relying party trust when the wizard closes’ checkbox is selected.
Select ‘Close’.
Select ‘Add Rule…’.
Select ‘Send Claims Using a Custom Rule’.
Select ‘Next’.
Enter ‘Loome Identity Rules’ for the ‘Claim rule name” or a name of your choosing.
Enter the custom rule defined in the appendix under ADFS Custom Rule.
Select ‘Finish’ and then select ‘OK’.
