Setting up authentication with Active Directory Federation Services

Ryan Newington edited this page Jul 7, 2018 · 3 revisions

The following guide will assist you in configuring your application to use Active Directory Federation Services (ADFS) for authentication.

Part 1: Configure IIS

  1. Open IIS Manager, expand the Sites list, and select the Lithnet LAPS web site you created at installation time.
  2. In the app settings pane, click Authentication.
  3. Ensure Anonymous authentication is enabled, and all other options are disabled.

Part 2: Configure a new relying party trust in ADFS

  1. Open the ADFS console, expand Trust Relationships, right-click Relying Party Trusts and select Add Relying Party Trust
  2. Click Next and select Enter data about the relying party manually
  3. Specify Lithnet LAPS Web App as the display name
  4. Select AD FS profile
  5. Skip the encryption certificate step
  6. Check the box to Enable support for the WS-Federation Passive protocol. Specify the base URL where your Lithnet LAPS Web app is hosted (eg https://laps.lithnet.local/)
  7. Skip the page prompting you to add additional relying party trust identifiers
  8. Optionally, configure multi-factor authentication for the trust, and follow the remaining pages through to completion
  9. Edit the claim rules for the application. Add a new issuance transform rule to Send LDAP attributes as claims
  10. Set 'Issue UPN' as the claim rule name. Select Active Directory as the attribute store, User-Principal-Name as the LDAP Attribute and UPN as the outgoing claim type
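For administrators who script their ADFS configuration, the following is the PowerShell equivalent of steps 1 to 10 above. It is an added example, not part of the Lithnet LAPS project, and assumes it is run on the ADFS server as an ADFS administrator with the application URL replaced by your own; whatever identifier you choose must be identical to the ida:wtrealm value you later put in web.config, because ADFS rejects sign-in requests whose wtrealm does not match a configured identifier.

```powershell
# Added example (not part of the Lithnet LAPS wiki): PowerShell equivalent of Part 2.
# Assumes: run on the ADFS server as an ADFS administrator; substitute your own URLs.
Import-Module ADFS

# Base URL of the web app. Must match ida:wtrealm in web.config character for character.
$realm = 'https://laps.lithnet.local'

# Step 10: 'Issue UPN' rule. Looks the user up in Active Directory by account name
# and issues the userPrincipalName attribute as an outgoing UPN claim.
$issueUpn = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Issue UPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);
'@

# Issuance authorization: permit every authenticated user (the wizard's default choice).
# Restrict this rule if only a subset of users should reach the LAPS web app.
$permitAll = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Steps 3, 5, 6: display name, no encryption certificate, WS-Federation passive endpoint.
# Step 8 (MFA) is optional and can be added later with -AdditionalAuthenticationRules.
Add-AdfsRelyingPartyTrust -Name 'Lithnet LAPS Web App' `
    -Identifier $realm `
    -WSFedEndpoint $realm `
    -IssuanceTransformRules $issueUpn `
    -IssuanceAuthorizationRules $permitAll

# Check: confirm the identifier, endpoint and claim rule were stored as intended.
Get-AdfsRelyingPartyTrust -Name 'Lithnet LAPS Web App' |
    Select-Object Name, Identifier, WSFedEndpoint, IssuanceTransformRules
```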

Part 3: Configure the Lithnet LAPS web app

  1. Open the web.config file in the root of the application folder. Ensure no other owin:appStartup key is present.
  2. Substitute the value for ida:wtrealm with the base URL of your application, as set in step 6 of Part 2.
  3. Substitute the adfs.lithnet.local portion of the ida:metadata value with the hostname of your ADFS server.

```xml
<add key="owin:appStartup" value="Lithnet.Laps.Web.Startup.ConfigureWsFederation" />
<add key="ida:wtrealm" value="https://laps.lithnet.local" />
<add key="ida:metadata" value="https://adfs.lithnet.local/FederationMetadata/2007-06/FederationMetadata.xml" />
```