To establish a trust relationship, you need to set up the Adatum site (adfsaccount.adatum.com) as an identity provider for Identity Server.
Adatum is the default name for the identity provider. If you have used another name, substitute it when following these instructions. To create an identity provider, you need to know the following information about the Adatum site:
Table 6-15 Adatum Values

| Option | Default Value and Description |
|---|---|
| Provider ID | Default Value: urn:federation:adatum. The ADFS server provides this value to the service provider in the realm parameter in the assertion. Set this value in Properties of the Trust Policy on the ADFS server. The label is Federation Service URI. |
| Sign-on URL | Default Value: https://adfsaccount.adatum.com/adfs/ls/. The service provider uses this value to redirect the user for login. This URL is listed in Properties of the Trust Policy on the ADFS server. The label is Federation Services endpoint URL. |
| Logout URL | Default Value: https://adfsresource.treyresearch.net/adfs/ls/. The ADFS server makes no distinction between the login and logout URL. Access Manager has separate URLs for login and logout, but from an Access Manager Identity Server to an ADFS server, they are the same. |
| Signing Certificate | This is the certificate that the ADFS server uses for signing. You need to export it from the ADFS server. It can be retrieved from the properties of the Trust Policy on the ADFS server on the Verification Certificates tab. This certificate is a self-signed certificate that you generated when following the step-by-step guide. |
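The following is an added example that is not part of the Access Manager documentation or product code; it shows how the three URL and identifier values from Table 6-15 are actually used on the wire once the trust is configured. The service provider redirects the browser to the Sign-on URL or Logout URL with a `wa` action of `wsignin1.0` or `wsignout1.0` (the same `/adfs/ls/` endpoint serves both, which is why the page says the two URLs are the same from the Identity Server's point of view), and the assertion that ADFS posts back must carry the configured Provider ID as its `Issuer`. The relying-party realm `RP_REALM` and the sample token `SAMPLE_WRESULT` are constructed assumptions; the check deliberately stops short of XML signature verification, which must be done against the exported signing certificate before anything else is trusted.

```python
"""WS-Federation helpers for an Access Manager Identity Server acting as
relying party to the Adatum ADFS identity provider.

Added example, not Access Manager code. Standard library only. RP_REALM
and SAMPLE_WRESULT are constructed assumptions; ADATUM holds the Table
6-15 defaults.
"""
from datetime import datetime, timezone
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

# Defaults for the Adatum identity provider from Table 6-15.
ADATUM = {
    "provider_id": "urn:federation:adatum",
    "sign_on_url": "https://adfsaccount.adatum.com/adfs/ls/",
    "logout_url": "https://adfsresource.treyresearch.net/adfs/ls/",
}

# Assumed realm by which ADFS knows this Identity Server (not from the page).
RP_REALM = "urn:federation:accessmanager"

SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def build_redirect(endpoint, action, realm, context=None):
    """Browser redirect issued by the service provider.

    action is "wsignin1.0" (to the Sign-on URL) or "wsignout1.0" (to the
    Logout URL); only the wa parameter distinguishes the two requests.
    """
    params = {"wa": action, "wtrealm": realm}
    if context is not None:
        params["wctx"] = context  # opaque state that ADFS echoes back
    return endpoint + "?" + urlencode(params)


def _parse_time(value):
    return datetime.strptime(value, TIME_FMT).replace(tzinfo=timezone.utc)


def validate_assertion(wresult, expected_issuer, expected_audience, now=None):
    """Check the SAML 1.x assertion in the wresult posted back by ADFS.

    Returns (ok, reason). Verifies Issuer == configured Provider ID, that
    the Audience names this service provider, and that `now` (ISO-8601
    UTC string; default current time) lies inside the Conditions window.
    Signature verification is required before this result is trusted and
    is not performed here.
    """
    current = _parse_time(now) if now else datetime.now(timezone.utc)
    root = ET.fromstring(wresult)
    assertion = root.find(f".//{{{SAML1_NS}}}Assertion")
    if assertion is None:
        return False, "no SAML 1.x assertion in wresult"

    issuer = assertion.get("Issuer")
    if issuer != expected_issuer:
        return False, f"issuer {issuer!r} does not match Provider ID {expected_issuer!r}"

    conditions = assertion.find(f"{{{SAML1_NS}}}Conditions")
    if conditions is None:
        return False, "assertion has no Conditions element"

    audiences = [a.text for a in conditions.iter(f"{{{SAML1_NS}}}Audience")]
    if expected_audience not in audiences:
        return False, f"audience {audiences!r} does not include {expected_audience!r}"

    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and current < _parse_time(not_before):
        return False, "assertion not yet valid"
    if not_on_or_after and current >= _parse_time(not_on_or_after):
        return False, "assertion expired"
    return True, "issuer, audience and validity window accepted"


# Constructed sample RequestSecurityTokenResponse, shaped like the wresult
# form field ADFS posts back (ds:Signature omitted for brevity).
SAMPLE_WRESULT = """<t:RequestSecurityTokenResponse
    xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <t:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        AssertionID="_constructed-example" Issuer="urn:federation:adatum"
        IssueInstant="2024-01-01T12:00:00Z" MajorVersion="1" MinorVersion="1">
      <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                       NotOnOrAfter="2024-01-01T13:00:00Z">
        <saml:AudienceRestrictionCondition>
          <saml:Audience>urn:federation:accessmanager</saml:Audience>
        </saml:AudienceRestrictionCondition>
      </saml:Conditions>
    </saml:Assertion>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""


if __name__ == "__main__":
    print(build_redirect(ADATUM["sign_on_url"], "wsignin1.0", RP_REALM, "state123"))
    print(build_redirect(ADATUM["logout_url"], "wsignout1.0", RP_REALM))
    print(validate_assertion(SAMPLE_WRESULT, ADATUM["provider_id"], RP_REALM,
                             now="2024-01-01T12:30:00Z"))
```

The issuer check is the practical reason the Provider ID in the table must match the Federation Service URI configured on the ADFS side exactly: a token from an ADFS server whose Federation Service URI differs by even one character is rejected, which is the behaviour you want when a second, untrusted federation server could reach the same endpoint.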
To create an identity provider, perform the following steps:
On the Home page, click Applications > Select a Cluster > New Application > WS Federation Identity Provider.
Specify the following details:

| Field | Description |
|---|---|
| Name | Specify a name that identifies the identity provider, such as Adatum. |
| Provider ID | Specify the federation service URI of the identity provider. For example, urn:federation:adatum. |
| Sign-on URL | Specify the login URL. For example, https://adfsaccount.adatum.com/adfs/ls/. |
| Logout URL | Specify the logout URL. For example, https://adfsresource.treyresearch.net/adfs/ls/. |
| Signing Certificate | Specify the path to the signing certificate of the ADFS server. |
Click Next, confirm the certificate, and then click Save.
For the authentication card, specify the following values:

| Field | Description |
|---|---|
| Authentication | Select an image, such as Customizable, or any other image. |
| Card ID | Leave this field blank. |
| Card Name | Specify a description that is shown to the user when the user moves the mouse over the card. |
| Show Card | Select this option to display the card as a login option. |
Click Save.
Continue with Modifying the User Identification Specification.