It is assumed the ADFS server is up and running and can be reached from the end users' machines.
Create relying party trust
From the ADFS Management Console, select Trust Relationships > Relying Party Trusts.
Click on “Add Relying Party Trust” on the right:
Select claims aware:
Import the metadata export from the SSO Gateway:
In the above URIs, the term “<customerid>” must match the customer's unique ID, which will be provided by the MFAS Portal administrator.
Create claim rules
After the import, add the claim issuance policy rules:
Select rule template: Send LDAP Attributes as Claims:
Give it a name, for example “Select attribute from AD”.
Set LDAP Attribute to “E-Mail-Address” and Outgoing claim type “E-Mail Address”:
Add another rule.
Select rule template: Transform an Incoming Claim:
Give it a name, for example “Transform Email to NameID”.
Set incoming claim type to “E-Mail Address”, outgoing claim type to “Name ID” and outgoing name ID format to “Email”:
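The same trust and the same two claim rules, created from the ADFS PowerShell module instead of the Management Console, as an added example that is not part of this guide. The relying party name, the metadata URL and the `<customerid>` value are placeholders; the rule text is what the two wizard templates above generate, and the final check confirms the imported identifier carries the customer ID and that the Name ID rule is in place before the ADFS metadata URL is handed over.

```powershell
# Added example: creates the relying party trust and the two claim rules
# described above from the ADFS PowerShell module instead of the GUI.
# Placeholders (assumptions, not values from the guide):
#   $metadataUrl  - metadata export of the SSO Gateway for this customer
#   <customerid>  - the customer's unique ID supplied by the MFAS Portal administrator
Import-Module ADFS

$customerId  = '<customerid>'                                               # placeholder
$rpName      = "SSO Gateway ($customerId)"
$metadataUrl = "https://sso-gateway.example.invalid/$customerId/metadata"  # placeholder

# Rule 1 "Select attribute from AD": Send LDAP Attributes as Claims,
#   LDAP attribute E-Mail-Address (mail) -> outgoing claim type E-Mail Address.
# Rule 2 "Transform Email to NameID": Transform an Incoming Claim,
#   E-Mail Address -> Name ID, outgoing name ID format Email.
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Select attribute from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Transform Email to NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Authorization rule: permit authenticated users to obtain a token for this trust.
$authzRules = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# Claims-aware trust imported from the gateway's metadata (the PowerShell
# equivalent of importing the SSO Gateway metadata export in the wizard).
Add-AdfsRelyingPartyTrust -Name $rpName `
    -MetadataUrl $metadataUrl `
    -MonitoringEnabled $true -AutoUpdateEnabled $true `
    -IssuanceTransformRules $issuanceRules `
    -IssuanceAuthorizationRules $authzRules

# Check: the identifier imported from the metadata must carry the customer ID,
# and the Name ID rule must be present, before the ADFS metadata URL is sent on.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not ($rp.Identifier | Where-Object { $_ -like "*$customerId*" })) {
    throw "No relying party identifier on '$rpName' contains '$customerId'"
}
if ($rp.IssuanceTransformRules -notmatch 'nameid-format:emailAddress') {
    throw "Name ID transform rule missing on '$rpName'"
}
"Trust '$rpName' created with identifier(s): $($rp.Identifier -join ', ')"
```

Run it in an elevated PowerShell session on the ADFS server; if the trust already exists, replace `Add-AdfsRelyingPartyTrust` with `Set-AdfsRelyingPartyTrust -TargetName $rpName` and keep the same rule parameters.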
Provide the metadata
After this configuration, provide the SAML metadata URL; for instance:
Send the metadata URL to the MFAS Portal administrator.