I am going to explain how to set up ADFS as the identity provider for a SharePoint 2010 claims-based web site. Considering the length, I am splitting this topic into two blogs (Part I and Part II).
This is the first part, which explains how to configure ADFS 2.0 as the identity provider. Part II covers the remaining two steps: configuring a claims-based web site and changing its authentication to ADFS.
Step 1: Configure ADFS 2.0 as Identity Provider
1.1 Creating a relying party trust.
- Select ADFS 2.0 profile and click next.
- Selecting a certificate for token encryption is optional. No certificate is selected here, so the token is not encrypted. Click next.
- Select "Enable support for the WS-Federation Passive Protocol". Give the URL of your web application with /_trust/ at the end (in this case it is https://sitename/_trust/).
- Click next
- Do not add any identifiers. Click next.
- Select permit all users to access this relying party. Click next
- Verify the configuration and click next at the following screen.
- Leave the check box “Open the edit claim rules dialog…” selected and click Close.
- Then click on Add rules.
- Select the claim rule template “Send LDAP Attributes as Claims”.
- Give a name for the claim rule and select Active Directory as the attribute store. In the LDAP attribute dropdown select SAM-Account-Name, and select E-Mail Address as the outgoing claim type.
Here we are sending the email address as a claim; it will also be our identifier claim.
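The same relying party trust and the two rules configured above, as an added example written with the ADFS 2.0 PowerShell snap-in rather than the wizard (this is not code from the original post). The trust name is an assumption, and the identifier is assumed to equal the WS-Federation endpoint URL, which is what the wizard records from the endpoint you entered.

```powershell
# Added example: build the relying party trust from the walkthrough with the
# ADFS 2.0 snap-in. Assumed values: the trust name and the site URL
# https://sitename/_trust/ used in the post.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$rpName   = "SharePoint 2010 Claims"      # assumed display name
$trustUrl = "https://sitename/_trust/"    # WS-Federation passive endpoint

# Issuance authorization rule: "Permit all users to access this relying party".
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Issuance transform rule: "Send LDAP Attributes as Claims", Active Directory
# store, LDAP attribute sAMAccountName -> outgoing claim type E-Mail Address.
# The Issuer == "AD AUTHORITY" condition means the lookup key is the Windows
# account name that AD itself authenticated, not a claim from any other source.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Email address from sAMAccountName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";sAMAccountName;{0}", param = c.Value);
'@

# No encryption certificate is passed, matching the wizard choice above:
# the token is signed by ADFS but not encrypted.
Add-ADFSRelyingPartyTrust -Name $rpName `
    -Identifier $trustUrl `
    -WSFedEndpoint $trustUrl `
    -IssuanceAuthorizationRules $authzRules `
    -IssuanceTransformRules $transformRules

# Check what was actually stored: endpoint, identifier and both rule sets.
Get-ADFSRelyingPartyTrust -Name $rpName |
    Select-Object Name, Identifier, WSFedEndpoint, IssuanceAuthorizationRules, IssuanceTransformRules
```

The output of the final Get-ADFSRelyingPartyTrust call is the quickest way to confirm that the /_trust/ endpoint and the email claim rule match what Part II expects on the SharePoint side.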