ADFS as Identity provider for SharePoint 2010 Claims web site – Part I

I am going to explain how to set up ADFS as the identity provider for a SharePoint 2010 claims-based web site. Considering the length, I am splitting this topic into two blog posts (Part I and Part II).

This is the first part, which explains how to configure ADFS 2.0 as the identity provider. Part II covers the remaining two steps: configuring a claims-based web site and changing its authentication to ADFS.

Step 1: Configure ADFS 2.0 as Identity Provider

1.1 Creating relying party trust

1. Open the ADFS 2.0 management console and expand Trust Relationships.
2. Select Relying Party Trusts.
3. Click on Add Relying Party Trust.
4. Select "Enter data about the relying party manually".

[Screenshot: Relying party]

5. Give the relying party a name, such as SharePoint.

[Screenshot: Relying party name]

6. Select the ADFS 2.0 profile and click Next.
7. Selecting a certificate for token encryption is optional. Since the token is not encrypted in this setup, no certificate is selected. Click Next.
8. Select "Enable support for the WS-Federation Passive protocol". Give the URL of your web application with /_trust/ at the end (in this case it is https://sitename/_trust/).
9. Click Next.
10. Do not add any identifiers. Click Next.
11. Select "Permit all users to access this relying party". Click Next.

[Screenshot: Relying party trust]

12. Verify the configuration and click Next on the following screen.
13. Leave the check box "Open the edit claim rules dialog..." as it is and click Close.
14. Then click on Add Rules.

[Screenshot: Edit Claims]

15. Select the claim rule template "Send LDAP Attributes as Claims".

[Screenshot: ADFS as Identity provider for SharePoint]

16. Give the claim rule a name. Select Active Directory as the attribute store. In the LDAP Attribute dropdown, select SAM-Account-Name, and select E-Mail Address as the outgoing claim type.

Here we are sending the e-mail address as a claim. It will also be our identifier claim.

[Screenshot: ADFS as Identity provider for SharePoint]


1.2 Export Certificate

1. Open the ADFS 2.0 management console.
2. Expand Service and select Certificates.
3. Right-click the Token-signing certificate and select View Certificate.
4. In the Certificate window, select the Details tab and click Copy to File.

[Screenshot: Export Certificate]

5. In the Certificate Export Wizard, click Next.
6. Select "DER encoded binary X.509" and click Next.
7. Give a location where you want to save the exported certificate.
8. Click Finish.
9. Copy this certificate to the server where SharePoint is installed.
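The same Step 1 configuration can be scripted with the ADFS 2.0 PowerShell snap-in instead of the wizard. The script below is an added example written for this post, not the author's own script: it creates the relying party trust with the WS-Federation passive endpoint from the post, adds the "Send LDAP attributes as claims" rule (SAM-Account-Name to E-Mail Address) and the "permit all users" rule as claim rule language, and exports the primary token-signing certificate as DER-encoded X.509. Assumptions: the cmdlets are from the Microsoft.Adfs.PowerShell snap-in on the ADFS server, the export path is a placeholder, and because Add-ADFSRelyingPartyTrust requires at least one identifier, the WS-Federation endpoint URL is used for it (the wizard fills in the same value when the passive endpoint is enabled).

```powershell
# Added example (not from the original post): scripted equivalent of Step 1 for ADFS 2.0.
# Run in an elevated PowerShell session on the ADFS server.
# Assumptions: web application URL from the post; export path is a placeholder you choose.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$rpName     = "SharePoint"
$trustUrl   = "https://sitename/_trust/"         # WS-Federation passive endpoint, as in step 8
$exportPath = "C:\Temp\adfs-token-signing.cer"   # placeholder location for the exported certificate

# 1.1 Issuance transform rule, in ADFS claim rule language: "Send LDAP Attributes as Claims",
# Active Directory store, LDAP attribute sAMAccountName -> outgoing claim type E-Mail Address (step 16).
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "SharePoint identifier claim"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";sAMAccountName;{0}", param = c.Value);
'@

# Issuance authorization rule: "Permit all users to access this relying party" (step 11).
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Create the trust. No encryption certificate is supplied, so tokens are signed but not encrypted (step 7).
# The cmdlet needs an identifier; the endpoint URL is used here (assumption, matches the wizard's default).
Add-ADFSRelyingPartyTrust -Name $rpName `
    -Identifier $trustUrl `
    -WSFedEndpoint $trustUrl `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules

# 1.2 Export the primary token-signing certificate as DER-encoded X.509 (public key only, no private key).
$signing = Get-ADFSCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
$der = $signing.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($exportPath, $der)

# Checks: the trust exists with the expected endpoint, and the exported file matches the ADFS
# token-signing certificate. Record the thumbprint so it can be verified on the SharePoint server
# before the certificate is trusted there.
$rp = Get-ADFSRelyingPartyTrust -Name $rpName
if (-not $rp -or $rp.WSFedEndpoint.AbsoluteUri -ne $trustUrl) {
    throw "Relying party trust '$rpName' is not configured as expected"
}
$exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $exportPath
if ($exported.Thumbprint -ne $signing.Thumbprint) {
    throw "Exported certificate does not match the ADFS token-signing certificate"
}
Write-Host "Relying party '$rpName' created; token-signing certificate $($signing.Thumbprint) exported to $exportPath"
```

The thumbprint comparison at the end is the check worth keeping: the file copied to the SharePoint server in step 9 becomes the certificate SharePoint uses to validate every token from ADFS, so confirming its thumbprint against the ADFS console (Service, Certificates) before it is registered guards against copying the wrong certificate.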

Remaining steps are continued in Part II.