This document describes how to configure Single Sign-On (SSO) when Active Directory Federation Services (ADFS) is your identity provider.
In this document, you’ll learn how to integrate Chakra with ADFS. When you integrate Chakra with ADFS, you can:
Control in ADFS who has access to Chakra.
Enable your users to be automatically signed in to Chakra with their ADFS accounts.
Manage your accounts in one central location: Active Directory, through the ADFS Management console.
To set up SSO between ADFS and Chakra (you will need the SP ACS URL and SP Entity ID from Chakra, copied earlier):
Open the Server Manager
Open the ADFS Management console (Tools > AD FS Management).
In the Actions pane, click Add Relying Party Trust.
You’ll now see the welcome page of the Add Relying Party Trust Wizard. Click Start.
Select the “Enter data about relying party manually” radio button, then click Next.
Enter a “Display Name” of your choice, then click Next.
Leave the certificate settings at their defaults and click Next. This page is for an optional token encryption certificate; with no certificate configured, ADFS signs the SAML assertion but does not encrypt it, which is what Chakra expects here.
Select “Enable support for the SAML 2.0 WebSSO protocol”.
For “Relying party SAML 2.0 SSO service URL”, paste the value of “SP ACS URL” copied earlier. Click Next.
For “Relying party trust identifier”, paste the value of “SP Entity ID” copied earlier, then click the “Add” button. This value must match the entity ID Chakra sends in its SAML requests exactly, including scheme and any trailing slash.
Once you see the added entry in the list “Relying party trust identifiers:”, click Next
Keep the default access control policy (Permit everyone) and click Next. Note that this lets every user in Active Directory sign in to Chakra; to restrict access to a group, change the access control policy on the relying party trust after the wizard completes.
The configuration is now complete. Click Next to continue.
The relying party trust has now been added. Click Close to proceed to the Edit Claim Rules dialog.
Click the Add Rule button.
Select “Send LDAP Attributes as Claims” as the rule template and click Next.
Enter a name for the claim rule, select Active Directory as the Attribute store (this is where the LDAP attributes are read from), then map the LDAP attributes to the outgoing claim types Chakra expects, as shown below. Click Finish when you’re done.
Now click OK.
Now navigate to ADFS Management > Relying Party Trusts, where all relying party trusts are listed. If required, you can edit claims by clicking Edit Claim Rules, and change identifiers or the access control policy by clicking Properties.
Navigate to ADFS > Service > Endpoints and ensure that the endpoint /adfs/services/trust/13/usernamemixed is enabled. This is a WS-Trust endpoint that accepts a username and password directly rather than an interactive browser sign-in, so only enable it (and only publish it through the Web Application Proxy) if the integration requires it. Enabling or disabling an endpoint takes effect after the AD FS service is restarted.
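The same configuration as the wizard steps above, done with the ADFS PowerShell module so it can be repeated and reviewed. This is an added example and not part of the original page or Chakra’s own tooling. The display name “Chakra”, the placeholder values in $spEntityId and $spAcsUrl (replace them with the SP Entity ID and SP ACS URL copied from Chakra), and the attribute mapping in the claim rule (mail, givenName, sn) are assumptions, since the page does not reproduce the mapping table. The “Permit everyone” access control policy and the AccessControlPolicyName parameter exist on AD FS 2016 and later.

```powershell
# Added example (not from the original page): create the Chakra relying party
# trust, its claim rule and the endpoint check without the wizard.
Import-Module ADFS

$displayName = 'Chakra'
# Assumed placeholders: replace with the values copied from Chakra.
$spEntityId  = 'https://chakra.example.com/saml/metadata'   # SP Entity ID
$spAcsUrl    = 'https://chakra.example.com/saml/acs'        # SP ACS URL

# "Relying party SAML 2.0 SSO service URL": the assertion consumer service,
# HTTP-POST binding, index 0.
$acs = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer `
        -Uri $spAcsUrl -Index 0

# "Send LDAP Attributes as Claims" rule with Active Directory as the store.
# Assumed mapping: mail -> emailaddress, givenName -> givenname, sn -> surname.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Chakra LDAP attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"),
          query = ";mail,givenName,sn;{0}", param = c.Value);
'@

# Create the trust only if it does not already exist (the cmdlet errors on a
# duplicate name). Identifier = "Relying party trust identifier" in the wizard.
if (-not (Get-AdfsRelyingPartyTrust -Name $displayName)) {
    Add-AdfsRelyingPartyTrust -Name $displayName `
        -Identifier $spEntityId `
        -ProtocolProfile SAML `
        -SamlEndpoint $acs `
        -AccessControlPolicyName 'Permit everyone' `
        -IssuanceTransformRules $transformRules
}

# Check 1: the trust exists with the expected identifier and policy
# (equivalent to reviewing it under Relying Party Trusts).
Get-AdfsRelyingPartyTrust -Name $displayName |
    Select-Object Name, Identifier, Enabled, AccessControlPolicyName

# Check 2: the WS-Trust username/password endpoint is enabled. Enabling it
# only takes effect after the AD FS service restarts, so do that if it changed.
$path = '/adfs/services/trust/13/usernamemixed'
$ep = Get-AdfsEndpoint -AddressPath $path
if (-not $ep.Enabled) {
    Enable-AdfsEndpoint -TargetAddressPath $path
    Restart-Service adfssrv
}
Get-AdfsEndpoint -AddressPath $path | Select-Object AddressPath, Enabled, Proxy
```

Run this in an elevated PowerShell session on the primary ADFS server (on a farm, configuration changes must be made on the primary). The Proxy column in the last line shows whether the endpoint is also published through the Web Application Proxy; leave it at False unless Chakra needs to reach it from outside the network.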