The ADFS server rejects the contract URI names of the default Access Manager contracts, which have a URI format of secure/name/password/uri. The ADFS server expects the URI to look like a URL.
Use the following format for the URI of all contracts that you want to use with the ADFS server:
<baseurl>/name/password/uri
If the DNS name of your Identity Server is idp-50.amlab.net, the URI looks similar to the following:
https://idp-50.amlab.net:8443/nidp/name/password/uri
This URL does not resolve to anything because Identity Server interprets it as a contract URI and not a URL.
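The following pre-check is an added example, not part of the Access Manager product or its documentation. It flags contract URIs that are not in URL form and suggests the `<baseurl>/name/password/uri` equivalent. The function names and sample contract list are hypothetical, and it assumes that "look like a URL" means an absolute http(s) URI with a host.

```python
from urllib.parse import urlsplit

# Constructed sample values; the base URL is the one used in the page's example.
BASE_URL = "https://idp-50.amlab.net:8443/nidp"
CONTRACTS = {
    "Name/Password - Form": "secure/name/password/uri",
    "WS-Fed Contract": "https://idp-50.amlab.net:8443/nidp/name/password/uri",
}


def is_url_form(uri):
    """Assumption: 'looks like a URL' means an absolute http(s) URI with a host."""
    parts = urlsplit(uri.strip())
    return parts.scheme in ("http", "https") and bool(parts.hostname)


def to_url_form(uri, base_url):
    """Rewrite a path-style contract URI as <baseurl>/name/password/uri.

    Returns the URI unchanged if it is already in URL form, and None for
    URIs with some other scheme (for example urn:), which need a manual choice.
    """
    uri = uri.strip()
    if is_url_form(uri):
        return uri
    if urlsplit(uri).scheme:
        return None
    if not is_url_form(base_url):
        raise ValueError("base_url must be an absolute http(s) URL")
    path = uri.lstrip("/")
    # The page's format drops the leading "secure/" segment of the default URI.
    if path.startswith("secure/"):
        path = path[len("secure/"):]
    return base_url.rstrip("/") + "/" + path


def audit(contracts, base_url):
    """Return (name, current_uri, suggested_uri) for each URI not in URL form."""
    return [
        (name, uri, to_url_form(uri, base_url))
        for name, uri in contracts.items()
        if not is_url_form(uri)
    ]


if __name__ == "__main__":
    for name, current, suggested in audit(CONTRACTS, BASE_URL):
        print(f"{name}: {current} -> {suggested}")
```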
To create a new authentication contract:
On the Home page, click Identity Servers > [cluster name] > Authentication > Contracts > Plus icon.
Specify the following details:
Field | Description |
---|---|
Name | Specify a name. For example, WS-Fed Contract. |
URI | Specify a URI. For example, https://idp-50.amlab.net:8443/nidp/name/password/uri. |
Advanced Settings > Satisfy with an external provider | Select this option. The ADFS server needs to satisfy this contract. |
In Authentication Methods, select Name/Password – Form.
Click the Plus icon under Authentication Card and specify the following details:
Field | Description |
---|---|
Card Image | Select an image, such as Form Auth Username Password. This is the default image for the Name/Password - Form contract. |
Card ID | Leave this field blank. Supply a value if you want a reference to use it externally. |
Text | Specify a description that is available to the user when the user hovers over the card. |
Turn on Show Card to show the card to users, which allows them to select and use the card for authentication.
Click Save.
Continue with Setting the WS-Fed Contract as the Default Contract.