Configure CSM with Microsoft ADFS

Microsoft Active Directory Federation Services (ADFS) 2.0 is an add-on product for Active Directory that supports identity federation protocols, including SAML 2.0.

Note: CSM provides integration with third-party identity providers, not support. For more information about your AD/ADFS setup, work with an AD/ADFS Administrator.

To Configure CSM with ADFS

  1. Configure CSM as a SAML Service Provider (export the data to a service provider metadata file).
  2. Add the CSM Service Provider to Microsoft ADFS as a Relying Party. To manually add the service provider, see Manually Add CSM as a Relying Party.
  3. Confirm the general properties of ADFS are configured correctly.
    1. Start the ADFS 2.0 Manager.
    2. Right-click Service and select Edit Federation Service Properties.
    3. Verify that the settings on the General tab match the correct DNS and certificate common names.
  4. Import the CSM Service Provider Metadata file into ADFS. For more information, see the section below.
  5. Configure ADFS as the SAML Identity Provider. For more information, see the section below.

Import the CSM Service Provider Metadata File into ADFS

  1. Start the ADFS 2.0 Manager.
  2. Select Add Relying Party Trust.
  3. Select Import data about the relying party from a file.
  4. Select the CSM Service Provider metadata file exported when CSM was configured as a service provider.
  5. Provide a Display Name, and then click Next.
  6. Select Permit all users to access this relying party, and then click Next.
  7. Ensure that the Open the Edit Claim Rules dialog for this relying party when the Wizard closes check box is selected, and then click Close.
  8. Under Issuance Transform Rules, click Add Rule, and then follow the steps for the desired type of ID, either E-mail address or Windows Login.

Configure ADFS as the SAML Identity Provider

This action obtains the metadata file and imports it into CSM.

  1. Open the ADFS 2.0 Manager.
  2. On the left side, expand Service, and then select Endpoints.
  3. In the Endpoint window, scroll down to the Metadata section.
  4. Find the entry with a type of Federation Metadata. That is the relative URL to append to the domain name of the ADFS server; enter it when importing metadata for the identity provider (ex: https://server/FederationMetadata/2007-06/FederationMetadata.xml, replacing server with the server name).
    Tip: The metadata can also be saved as a file by browsing to the above URL and saving the page as a file (ex: in Firefox on Windows 7, select Save File, and then copy the XML file from the Downloads folder to the desired folder).

© Copyright 2018 Cherwell Software, LLC. All rights reserved.
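As an added example that is not part of the Cherwell documentation, the following Python script inspects an ADFS FederationMetadata.xml document before it is imported into CSM: it confirms the file describes an identity provider, that every single sign-on endpoint is HTTPS, and that a signing certificate is present for validating assertions. The metadata document, the server name and the certificate text are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Namespaces used in SAML 2.0 metadata; ADFS FederationMetadata.xml uses both.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample, cut down to the IdP elements CSM consumes. A real ADFS
# file is far larger and carries a ds:Signature over the whole document;
# the certificate text here is a placeholder, not a real key.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://server/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIC...PLACEHOLDER...</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://server/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://server/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def summarize_idp_metadata(xml_text):
    """Return entityID, SSO endpoints by binding and signing certs; raise ValueError if unusable."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not SAML identity-provider metadata")
    endpoints = {}
    for sso in idp.findall("md:SingleSignOnService", NS):
        binding, location = sso.get("Binding", ""), sso.get("Location", "")
        if not location.lower().startswith("https://"):
            raise ValueError("SSO endpoint is not HTTPS: %s" % location)
        endpoints[binding.rsplit(":", 1)[-1]] = location  # e.g. "HTTP-POST"
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' means signing and encryption
            for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                certs.append("".join(cert.text.split()))  # strip PEM line wrapping
    if not certs:
        raise ValueError("no signing certificate; assertions could not be validated")
    return {"entityID": root.get("entityID"), "sso": endpoints, "signing_certs": certs}
```

Run the function over the file downloaded from the Federation Metadata endpoint; a mismatch between the reported entityID or endpoints and the ADFS server's DNS name (checked in the General tab earlier) means the wrong metadata was exported.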