MFAS Default Content

Microsoft ADFS

It is assumed that the ADFS server is up and running and can be reached from the end users' machines.

Create relying party trust

From the ADFS Management Console, select Trust Relationships > Relying Party Trusts.

Click on “Add Relying Party Trust” on the right:

Select “Claims aware”:

Import the metadata exported by the SSO Gateway: <customerid>/samlmetadata
In the URI above, “<customerid>” must match the customer's unique id, which will be provided by the MFAS Portal administrator.

Create claim rules

After the import, edit the “Claim Issuance Policy” and add a rule.
Select rule template: Send LDAP Attributes as Claims:

Give it a name, for example “Select attribute from AD”.
Set LDAP Attribute to “E-Mail-Address” and Outgoing claim type “E-Mail Address”:

Add another rule.
Select rule template: Transform an Incoming Claim:

Give it a name, for example “Transform Email to NameID”.
Set incoming claim type to “E-Mail Address”, outgoing claim type to “Name ID” and outgoing name ID format to “Email”:

Provide the metadata

After this configuration, provide the SAML metadata URL; for instance:

Send the metadata URL to the MFAS Portal administrator.
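The same relying party trust and the two claim rules described above can be created with the ADFS PowerShell module instead of the management console, which makes the configuration repeatable and easy to review. The script below is an added example and is not part of the original MFAS documentation; the gateway host <sso-gateway-host>, the <customerid> value and the trust name are assumptions to be replaced with the values supplied by the MFAS Portal administrator.

```powershell
# Added example (not from the original MFAS page): create the MFAS relying party
# trust from the SSO Gateway metadata and attach the two claim rules described above.
# Placeholders: <sso-gateway-host> and <customerid> are assumptions; replace them with
# the values provided by the MFAS Portal administrator.

Import-Module ADFS

$customerId  = '<customerid>'
$metadataUrl = "https://<sso-gateway-host>/$customerId/samlmetadata"   # assumed host; path as on the page
$trustName   = 'MFAS SSO Gateway'                                      # assumed display name

# Claim type URIs behind the "E-Mail Address" and "Name ID" entries in the console.
$emailClaim  = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
$nameIdClaim = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
$formatProp  = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format'

# Rule 1 ("Send LDAP Attributes as Claims"): AD attribute mail -> E-Mail Address claim.
# Rule 2 ("Transform an Incoming Claim"):    E-Mail Address -> Name ID with format Email.
$transformRules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Select attribute from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$emailClaim"), query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Transform Email to NameID"
c:[Type == "$emailClaim"]
 => issue(Type = "$nameIdClaim", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["$formatProp"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
"@

# Authorization rule: permit authenticated users. Narrow this to an AD group claim
# if only part of the directory should be able to reach the gateway.
$authorizationRules = @"
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

# Import the gateway metadata (equivalent to "Add Relying Party Trust" -> import from URL).
# Re-running the script refreshes the metadata and re-applies the rules instead of failing.
if (-not (Get-AdfsRelyingPartyTrust -Name $trustName)) {
    Add-AdfsRelyingPartyTrust -Name $trustName -MetadataUrl $metadataUrl `
        -IssuanceTransformRules $transformRules `
        -IssuanceAuthorizationRules $authorizationRules
} else {
    Update-AdfsRelyingPartyTrust -TargetName $trustName
    Set-AdfsRelyingPartyTrust -TargetName $trustName `
        -IssuanceTransformRules $transformRules `
        -IssuanceAuthorizationRules $authorizationRules
}

# Verification: the identifier and SAML endpoints must come from the imported metadata,
# every endpoint must be HTTPS, and both claim rules must be present.
$trust = Get-AdfsRelyingPartyTrust -Name $trustName
$trust | Select-Object Name, Identifier, MetadataUrl, SignatureAlgorithm
$trust.SamlEndpoints | Select-Object Protocol, Binding, Location
if ($trust.SamlEndpoints | Where-Object { $_.Location.Scheme -ne 'https' }) {
    Write-Warning 'A SAML endpoint in the imported metadata is not HTTPS; review the metadata before enabling the trust.'
}
$trust.IssuanceTransformRules

# The ADFS federation metadata URL to send to the MFAS Portal administrator
# (standard ADFS path, built from the configured federation service name).
$adfsHost = (Get-AdfsProperties).HostName
"https://$adfsHost/FederationMetadata/2007-06/FederationMetadata.xml"
```

Run the script in an elevated PowerShell session on the ADFS server (or with the ADFS module available remotely). On ADFS 2016 and later, the -AccessControlPolicyName 'Permit everyone' parameter of Add-AdfsRelyingPartyTrust is the newer alternative to the issuance authorization rule shown here. The final verification block is worth keeping as a post-change check: a trust whose endpoints or identifier differ from what the SSO Gateway publishes will either break the login flow or send assertions to the wrong place.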
