Active Directory Federation Services (AD FS)

When adding an Active Directory identity provider, you can also choose to allow users from that provider to authenticate using Active Directory Federation Services (AD FS).

  1. Turn on the Enable AD FS authentication option.
  2. Next to Host, specify the AD FS host name.
  3. Click Get Configuration From Host to automatically get the Issuer and Endpoint values.

    Note: For a new AD FS identity provider, clicking the Get Configuration From Host button will automatically retrieve both Issuer and Endpoint values, but not the certificate. When editing an AD FS identity provider, clicking the Get Configuration From Host button will automatically retrieve Issuer and Endpoint values as well as the certificate.



    You can also manually specify the values.
    1. Next to Issuer, specify your AD FS issuer value. By default, it should look similar to the following:

      http://adfs.sampledomain.com/adfs/services/trust

    2. Next to Endpoint, specify your AD FS endpoint. By default, it should look similar to the following:

      https://adfs.sampledomain.com/adfs/ls/

  4. Under Certificates, click Choose File and specify your AD FS X.509 token-signing certificate.
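AD FS publishes its issuer identifier, sign-on endpoint and token-signing certificate in its federation metadata document (`/FederationMetadata/2007-06/FederationMetadata.xml`). The following is an added example, not Laserfiche code: it parses a constructed, trimmed copy of that document and checks manually entered Issuer, Endpoint and certificate values against it. The function names, the sample metadata and the placeholder certificate bytes are assumptions made for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: trimmed metadata for the page's example host. The
# certificate body is placeholder bytes, not a real X.509 certificate.
PLACEHOLDER_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://adfs.sampledomain.com/adfs/services/trust">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {base64.b64encode(PLACEHOLDER_DER).decode()}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.sampledomain.com/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def read_adfs_metadata(xml_text):
    """Return issuer, endpoint and SHA-256 fingerprints of the signing certs."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = idp.find("md:SingleSignOnService", NS)
    certs = idp.findall("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    # Metadata wraps the base64 text, so drop all whitespace before decoding.
    prints = [hashlib.sha256(base64.b64decode("".join(c.text.split()))).hexdigest()
              for c in certs]
    return {"issuer": root.get("entityID"), "endpoint": sso.get("Location"),
            "signing_sha256": prints}


def check_settings(meta, host, issuer, endpoint, cert_der):
    """List mismatches between values typed into the form and the metadata."""
    url = urlparse(endpoint)
    checks = [
        (url.scheme == "https" and url.hostname == host.lower(),
         "endpoint is not https on the configured host"),
        (issuer == meta["issuer"], "issuer differs from metadata entityID"),
        (endpoint == meta["endpoint"], "endpoint differs from metadata SSO location"),
        (hashlib.sha256(cert_der).hexdigest() in meta["signing_sha256"],
         "certificate is not a signing key in the metadata"),
    ]
    return [message for ok, message in checks if not ok]
```

An empty list from `check_settings` means the hand-entered values agree with the metadata; compare the fingerprint with the one shown on the AD FS server itself before trusting a downloaded metadata file.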

Optional: Overriding Claim Mappings

Directory Server 10.4 and later supports manually configuring claim mappings between AD FS and Directory Server. After configuring AD FS, view the Claims tab to map Active Directory claims to Directory Server claims. Directory Server supports several pre-defined claims.

You can add a custom claim mapping by selecting + Add at the bottom of the page.

  1. Under map to, specify the target attribute in Directory Server.
  2. Under from, specify the source attribute from Active Directory.
  3. Click Save when done.

Additional Resources

Configuring Active Directory Federation Services Authentication for Laserfiche Directory Server

This video explores how administrators can configure Directory Server to allow users to authenticate using AD FS. For more information, see the documentation.