PART 1 - Active Roles
1) In the Configuration Center main window, click Web Interface. The Web Interface page displays all the Web interface sites that are deployed on the Web server running the Web interface. To configure the federated authentication settings, click Authentication.
2) To configure the federated authentication settings, click Federated.
3) In the Identity provider configuration section, select ADFS as the security Identity provider from the Identity provider drop-down menu.
4) Provide a valid URL in the Federated metadata URL field.
5) Provide the Realm URL of the requesting realm in the Realm field.
6) Provide the URL to send a response in the Reply URL field. This is the URL that identifies the address at which the relying party (RP) application receives replies from the Security Token Service (STS).
Here is an example of configuring the identity providers when using the Federated Authentication feature with ADFS.
IMPORTANT: By default, the priority of the claim is set based on the order in which the claims are created. The claim created first has the first priority, the claim created next has the secondary priority, and so on. However, you can move the claims based on the required priority.
7) In the Claim editor section, to add claims, click Add. The Add claim window is displayed.
8) To add UPN as the type of claim, select it from the Claim type drop-down menu.
9) To add Name as the type of claim, select it from the Claim type drop-down menu.
Here is an example of configuring the claim when using the Federated Authentication feature.
10) In the Domain user login credentials section, provide the valid credentials in the Username and Password fields. Using the Active Roles service account is recommended.
11) Click Modify to update the authentication settings. A message is displayed about the successful completion of the operation. After clicking on Modify, the ARSWeb is modified and is ready for federated authentication.
PART 2 - Active Directory Federation Service
12) Log in to your primary Active Directory Federation Server.
13) Open the AD FS Management console.
14) Expand Trust Relationships, right-click Relying Party Trust, and then click Add Relying Party Trust...
15) On the Add Relying Party Trust Wizard main window, click Start.
16) On the Select Data Source page, select Enter data about the relying party manually, and then click Next.
17) On the Specify Display Name page, give any name desired, and then click Next.
18) On the Choose Profile page, select AD FS Profile, and click Next.
19) On the Configure Certificate page, click Next.
20) On the Configure URL page, enable the check boxes for the WS-Federation Passive and SAML 2.0 service protocols. Fill in the environment information, such as the ARS Web Interface address and the ADFS address.
Here is an example of configuring the WS-Federation Passive and SAML service protocol.
21) On the Configure Identifiers page, remove the ADFS address and leave only the ARS Web Interface address.
22) On the next page, skip the MFA setting and click Next.
23) Make sure that the option Permit all users to access this relying party is selected, and click Next.
24) On the Ready to Add Trust window, click Next and finish the wizard.
25) With the Edit Claim Rules window open, click the Add Rule button to add the claim set in steps 7 to 9 of Part 1 - Active Roles.
26) On the Transform Claim Rule Template page, make sure that Send LDAP Attributes as Claims is chosen.
27) On the Claim Rule page, give any name desired to the claim rule. For Attribute store, make sure that Active Directory is selected. Add the mapping User-Principal-Name for LDAP Attribute Name and UPN for Outgoing Claim Type.
Here is an example of configuring the WS-Federation Passive and SAML service protocol.
After completing these steps, the user must be able to authenticate on the ARS Web Interface through the ADFS.
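The AD FS half of this procedure (steps 14 to 27) as a PowerShell script, followed by a read-back check of the resulting trust. This is an added example, not part of the original article or of the vendor's tooling; the display name and the ARS Web Interface URL are placeholder assumptions, and the use of -IssuanceAuthorizationRules assumes the AD FS version whose console matches the steps above (Windows Server 2012 R2).

```powershell
# Added example: scripted equivalent of steps 14-27, then a read-back check.
# Run in an elevated session on the primary AD FS server.
$RpName    = 'Active Roles Web Interface'               # step 17: any display name (assumed)
$ArsWebUrl = 'https://arsweb.example.test/ARWebAdmin/'  # constructed placeholder URL

Import-Module ADFS

# Steps 25-27: "Send LDAP Attributes as Claims", User-Principal-Name -> UPN.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "UPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);
'@

# Step 23: "Permit all users to access this relying party".
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Step 20: SAML 2.0 assertion consumer endpoint at the ARS Web Interface address.
$saml = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $ArsWebUrl

# Steps 14-24: create the trust with a single identifier (step 21) and both protocols.
Add-AdfsRelyingPartyTrust -Name $RpName `
    -Identifier $ArsWebUrl `
    -WSFedEndpoint $ArsWebUrl `
    -SamlEndpoint $saml `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules

# Read the trust back and compare it with what the procedure configures.
$rp = Get-AdfsRelyingPartyTrust -Name $RpName
$checks = [ordered]@{
    'Single identifier = ARS Web Interface (step 21)' = (@($rp.Identifier).Count -eq 1 -and @($rp.Identifier)[0] -eq $ArsWebUrl)
    'WS-Federation endpoint is the HTTPS ARS URL (step 20)' = ($rp.WSFedEndpoint.AbsoluteUri -eq $ArsWebUrl -and $ArsWebUrl -like 'https://*')
    'UPN rule reads userPrincipalName (step 27)' = ($rp.IssuanceTransformRules -match 'userPrincipalName')
    'Permit-all authorization rule present (step 23)' = ($rp.IssuanceAuthorizationRules -match 'claims/permit')
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-55} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISMATCH' })
}
```

If the trust was already created through the wizard, skip the Add-AdfsRelyingPartyTrust call and run only the read-back section against the existing trust name.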