Creating an ADFS Application
To connect ADFS as an identity provider for File Access Manager, first create a dedicated application (a Relying Party Trust) in ADFS.
Complete the following steps to create the ADFS application:
- Log into ADFS and navigate to Trust Relationships > Relying Party Trusts.
- Select Add Relying Party Trust.
- In the opened wizard, enter the following values for the respective steps:
- Select Data Source: Choose Enter data about the relying party manually (the last option).
- Select Next.
  - Specify Display Name: Enter any name for the relying party trust. This name is used later when installing File Access Manager with the SAML 2.0 option.
- Select Next.
- Choose Profile: Select the first option: ADFS profile.
- Select Next.
- Configure Certificate.
- Select Next.
- Configure URL.
- Select Next.
  - Relying Party Trust Identifier: Enter the name specified earlier in the Specify Display Name step.
- Select Add.
- Select Next.
  - Configure Multi-factor Authentication Settings: Select I do not want to configure multi-factor authentication.
- Select Next.
- Choose Issuance: Select Permit all users to access the relying party.
- Select Next.
- Ready to Add Trust.
- Select Next.
- Select Finish.
- Check Open the Edit Claim Rules.
- Select Close.
- In the opened Edit Claim Rules for [App Name] window, select Add Rule.
- In the opened wizard, select and enter the following data:
  - Select Rule Template: Choose Send LDAP Attributes as Claims.
  - Select Next.
  - Provide the following information for the Configure Claim Rule step:
    - Claim rule name: UserInfo
    - Attribute store: Active Directory
    - Mapping of LDAP attributes to outgoing claim types:
      - User-Principal-Name: Username
      - User-Principal-Name: Name
  - Select Finish.
- Select Add Rule again.
- In the opened wizard, select and enter the following data:
  - Choose Rule Type: Select Transform an Incoming Claim.
  - Claim rule name: Free text
  - Claim rule template: Select Transform an Incoming Claim
  - Incoming claim type: Username
  - Outgoing claim type: Name ID
  - Outgoing name ID format: Unspecified
  - Pass through all claim values: Select this option.
  - Select Finish.
- Select OK.
- Right-click the recently created Relying Party Trust > Properties.
- Select the EndPoints tab.
- Select Add SAML.
- Fill in the following values in all fields:
  - Endpoint type: SAML Assertion Consumer
  - Binding: POST
  - Index: 0
  - Trusted URL: Enter the following link:
    https://[SERVER_NAME]/siqapi/login/AssertionConsumerService
    where SERVER_NAME is the server where the File Access Manager website is installed.
- Select OK on the next two screens.
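The same relying party trust, claim rules and SAML endpoint can be created from the ADFS PowerShell module instead of the wizard. The script below is an added example and is not part of the File Access Manager documentation; it uses the standard ADFS cmdlets (Add-AdfsRelyingPartyTrust, New-AdfsSamlEndpoint, Get-AdfsEndpoint). The trust name and server name are placeholders, and the claim type URI used for the custom "Username" claim is an assumption, since the steps above name the claim but not its URI.

```powershell
# Added example: build the File Access Manager relying party trust with the
# ADFS PowerShell module. Run on the ADFS server with ADFS administration rights.
# Placeholders and assumptions are marked below; nothing here comes from the
# product's own installer.

Import-Module ADFS

$trustName = "ADFS_for_FAM"            # placeholder; reuse it in the SAML 2.0 installer
$famServer = "fam.example.internal"    # placeholder for SERVER_NAME
$acsUrl    = "https://$famServer/siqapi/login/AssertionConsumerService"

# Claim type URIs. "Name" and "Name ID" are the standard ADFS claim types;
# the "Username" type is an assumed custom URI (not given in the steps above).
$usernameType     = "http://schemas.example.internal/claims/username"   # assumption
$nameType         = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
$nameIdType       = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
$nameIdFormatProp = "http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"

# Rule 1 ("Send LDAP Attributes as Claims", name UserInfo):
# User-Principal-Name -> Username and User-Principal-Name -> Name.
# Each attribute in the comma-separated query maps to the type at the same position.
$ldapRule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "UserInfo"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$usernameType", "$nameType"), query = ";userPrincipalName,userPrincipalName;{0}", param = c.Value);
"@

# Rule 2 ("Transform an Incoming Claim"): Username -> Name ID, format Unspecified,
# passing the incoming value through unchanged.
$transformRule = @"
@RuleTemplate = "MapClaims"
@RuleName = "Username to Name ID"
c:[Type == "$usernameType"]
 => issue(Type = "$nameIdType", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["$nameIdFormatProp"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
"@

# Issuance authorization: "Permit all users to access the relying party".
$authzRule = @"
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

# SAML Assertion Consumer endpoint: POST binding, index 0, Trusted URL from above.
$acsEndpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $acsUrl -Index 0

# Create the trust; the identifier is the same string as the display name,
# as the wizard steps above instruct.
Add-AdfsRelyingPartyTrust -Name $trustName `
    -Identifier $trustName `
    -SamlEndpoint $acsEndpoint `
    -IssuanceTransformRules ($ldapRule + "`n" + $transformRule) `
    -IssuanceAuthorizationRules $authzRule

# Verify what was created and collect the two values the installer asks for:
# the trust name and the federation metadata URL.
Get-AdfsRelyingPartyTrust -Name $trustName | Select-Object Name, Identifier, SamlEndpoints
Get-AdfsEndpoint | Where-Object { $_.Protocol -eq "Federation Metadata" } | Select-Object FullUrl
```

The authorization rule mirrors the wizard's "Permit all users" choice, so any account that can authenticate to ADFS can reach the relying party; the rule can be narrowed to a group later without touching the claim rules. The Trusted URL and identifier must match exactly what is entered in the File Access Manager SAML 2.0 installation, since ADFS rejects assertions for an unknown identifier or a mismatched assertion consumer URL.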
The ADFS application is now set up, and the following data will be needed during the installation of File Access Manager with the SAML 2.0 option:
- The name of the created Relying Party Trust, e.g., "ADFS_for_FAM_vit".
- The URL of the federation metadata, which is constant per VM where ADFS is set up.
  The URL can be found in the ADFS Configuration > Service > Endpoints > Metadata section.
When installing File Access Manager, ensure you follow the sections related to SAML login installation.