ADFS is a standards-based service that allows the secure sharing of identity information between trusted business partners. It's also a giant pain in the butt. This guide will hopefully give people information on how to successfully authenticate users into Bridge using ADFS as the SAML Identity Provider (IdP).
The first thing to do to set up SAML with ADFS is to generate the necessary Service Provider (SP) metadata in Bridge.
- To start, log in to Bridge as an admin and navigate to Account Management and then Account settings.
- Near the top of the page select the Auth option.
- Scroll down until you see the SAML 2.0 option and click the enable button.
- For this step you will need your ADFS IdP metadata; it can generally be found at this address:
- Select the "Manual Configuration" option from the top drop-down and uncheck the "Sign Authentication Requests" and "Use Name Qualifiers on Entity IDs" options unless necessary.
- Enter the IdP Entity ID, the Sign On URL, the X509 Certificate, any authentication context (optional), and the Name ID Format.
- You can also adjust the clock drift to accommodate clock differences between IdP and SP.
- By default, the Authentication Lifetime is set to a week (604800 seconds). This should match the Max Authentication Lifetime defined on your IdP.
- Click save at the bottom of the page and wait for Bridge to generate your metadata link.
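As an added example (not part of the original guide, nor Bridge's or ADFS's own code), a short Python script that pulls the values the manual configuration step asks for out of an ADFS IdP metadata file. The metadata, host name and certificate bodies below are constructed placeholders; ADFS metadata lists both a signing and an encryption certificate, and only the signing one belongs in the Bridge form.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed, minimal stand-in for an ADFS FederationMetadata.xml; the host
# name and the certificate bodies are placeholders, not real values.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>ENC-CERT-PLACEHOLDER</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>
        MIIC-SIGNING-CERT
        PLACEHOLDER</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def extract_idp_settings(metadata_xml):
    """Return the fields the Bridge manual SAML form asks for, plus warnings."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    # Only the signing certificate verifies assertions; ADFS metadata also
    # carries an encryption certificate, which is the wrong one to paste.
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # no 'use' attribute means both
            for c in kd.findall(".//ds:X509Certificate", NS):
                certs.append("".join(c.text.split()))  # strip line wrapping
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    warnings = [f"SSO URL is not https: {u}" for u in sso.values()
                if urlparse(u).scheme != "https"]
    if not certs:
        warnings.append("no signing certificate in metadata")
    return {"entity_id": root.get("entityID"), "sso_urls": sso,
            "signing_certs": certs, "warnings": warnings,
            "nameid_formats": [n.text.strip() for n in idp.findall("md:NameIDFormat", NS)]}
```

Run it against your real FederationMetadata.xml and pick the Sign On URL under the binding Bridge expects; a non-empty warnings list means the metadata needs a second look before you save.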
Initial Setup (setting up a trust)
- Under Trust Relationships, right-click on Relying Party Trusts and select Add Relying Party Trust.
The Add Relying Party Trust wizard displays with one of the following two methods:
Select the "Open the edit claim rules dialog for this relying party trust when the wizard closes" check box, and click Close.
Making some sweet claim rules!
The Edit Claim Rules dialog box displays.
In the wizard that displays, select "Send LDAP Attributes as Claims" from the Claim Rule Template drop-down, and then click Next.
Complete the following fields as indicated below, and then click Finish:
The rule you created should display on the Issuance Transform Rules tab. Click OK. A new relying party trust should display in the AD FS 2.0 Management console.
Right-click on the name of the trust, and select Properties.
- Click OK and you're all done.