Configuring ADFS 2.0 to work with SAML 2.0
Replicon supports use with SAML 2.0. However, Replicon does not host its own identity provider for SAML 2.0, as it does with SAML 1.1. If you want to use SAML 2.0 with Replicon, you must enlist a third party identity provider.
For information on configuring Replicon for use with SAML 2.0, refer to Setting up SAML 2.0 for Replicon.
For information on setting up your identity provider to work with Replicon's SAML 2.0 functionality, talk to your identity provider. You can use Active Directory Federation Services 2.0 (ADFS 2.0) to set up an identity provider. It can be downloaded from http://www.microsoft.com/en-ca/download/details.aspx?id=10909.
Information on configuring ADFS 2.0 for use with SAML 2.0 for Replicon is given below.
To configure ADFS 2.0 to work with SAML 2.0 for Replicon:
- Load the AD FS 2.0 Management console.
- Under Trust Relationships, right-click on Relying Party Trusts and select Add Relying Party Trust.
- Click Start.
The Add Relying Party Trust wizard displays.
- Select the Import data about the relying party published online or on a local network option.
In the box, enter https://global.replicon.com/!/saml2/<YourCompanyKey> and click Next.
- Enter the display name you’d like your users to see, and click Next.
- Select the Permit all users to access this relying party option, and then click Next. Click Next again.
- Select the Open the edit claim rules dialog for this relying party trust when the wizard closes check box, and click Close.
The Edit Claim Rules dialog box displays.
- On the Issuance Transform Rules tab, click Add Rule.
- In the wizard that displays, select Send LDAP Attributes as Claims from the Claim Rule Template drop-down, and then click Next.
- Complete the following fields as indicated below, and then click Finish:
  - Rule Name: Whatever name you'd like to use
  - Attribute Store: Active Directory
  - LDAP Attribute: Choose the attribute you’d like to map to the Replicon user account login name
  - Outgoing Claim Type: Name ID
The rule you created should display on the Issuance Transform Rules tab. Click OK.
A new relying party trust should display in the AD FS 2.0 Management console.
- Right-click on the name of the trust, and select Properties.
- In the Properties dialog, select the Advanced tab. Change the Secure hash algorithm to SHA-256 or SHA-1, and click OK. Prefer SHA-256; SHA-1 is a weaker, deprecated signature hash, and the value chosen here must match what the Replicon side expects, or signed assertions will be rejected.
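The same relying party trust can be created from the AD FS 2.0 PowerShell snap-in instead of the management console, which is useful for repeatable builds and for checking the result afterwards. The script below is an added example, not part of the original article or of Replicon's or Microsoft's documentation; it mirrors the console steps above. The company key, display name and LDAP attribute are placeholders you must replace, and the claim rules are written in the AD FS claim rule language in the form the "Send LDAP Attributes as Claims" and "Permit all users" templates produce.

```powershell
# Added example (not from the original article): configure the Replicon
# SAML 2.0 relying party trust in AD FS 2.0 with PowerShell.

Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop

# Placeholders: replace with your own values before running.
$CompanyKey    = "<YourCompanyKey>"          # from the Replicon metadata URL
$DisplayName   = "Replicon"                  # name users see on the AD FS sign-in page
$LdapAttribute = "userPrincipalName"         # AD attribute mapped to the Replicon login name
$MetadataUrl   = "https://global.replicon.com/!/saml2/$CompanyKey"

# Step 1: import the relying party's metadata from the published URL.
Add-ADFSRelyingPartyTrust -Name $DisplayName -MetadataUrl $MetadataUrl

# Step 2: claim rules.
# "Send LDAP Attributes as Claims" rule: map the chosen AD attribute to Name ID.
# The Name ID claim type URI is the standard one AD FS uses for "Name ID".
$TransformRules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Replicon Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";$LdapAttribute;{0}", param = c.Value);
"@

# "Permit all users to access this relying party" issuance authorization rule.
$AuthzRules = @"
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

# Step 3: apply the rules and set the signature hash. SHA-256 is the
# preferred value; swap in "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
# only if the other side cannot verify SHA-256 signatures.
Set-ADFSRelyingPartyTrust -TargetName $DisplayName `
    -IssuanceTransformRules     $TransformRules `
    -IssuanceAuthorizationRules $AuthzRules `
    -SignatureAlgorithm         "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Step 4: read the trust back and confirm the settings took effect.
$Trust = Get-ADFSRelyingPartyTrust -Name $DisplayName
"Identifier(s):        " + ($Trust.Identifier -join ", ")
"Signature algorithm:  " + $Trust.SignatureAlgorithm
"Transform rules:`n"     + $Trust.IssuanceTransformRules
"Authorization rules:`n" + $Trust.IssuanceAuthorizationRules
```

Run this in an elevated PowerShell session on the AD FS 2.0 server. The final `Get-ADFSRelyingPartyTrust` output is the check worth keeping: the identifier should be the Replicon entity ID imported from the metadata, the signature algorithm should be the SHA-256 URI, and the transform rule should issue exactly one Name ID claim from the attribute you chose.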