Windows Server

This document describes how to set up AD FS on Windows Server for use with Haplo Research Manager. Please read the overview documentation first.

From the AD FS management tool, choose Actions > Add Relying Party Trust to launch the Add Relying Party Trust Wizard.

  • Choose Import data about the relying party published online or on a local network
  • Enter the Identifier into the Federation metadata address (hostname or URL) field.
  • Click Next.

On the Ready to Add Trust page, check the Endpoints tab to confirm that the SAML Assertion Consumer Endpoint URL provided by Haplo (ending in assertion-consumer-service) has been imported, then finish and close the wizard. If it is missing, the metadata was not read correctly and sign-in will fail; re-check the Identifier before continuing.

Once the wizard closes, open the Edit Claim Rules dialog to configure which of your institution’s LDAP Attributes are to be sent as SAML claims.

Typically this would be the username or email address from the Active Directory store, but your institution may have chosen to use an alternative attribute. If in doubt, add both username and email address.

  • Click Add rule…
  • Choose the claim rule template Send LDAP Attributes as Claims and click Next.
  • Give the rule a name and set Attribute store to Active Directory.
  • In the Mapping of LDAP attributes to outgoing claim types section add one or both of:

    LDAP Attribute        Outgoing Claim Type
    User-Principal-Name   UPN
    E-Mail-Addresses      E-Mail Address

  • Click Finish.
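The same relying party trust and claim rule can be created from PowerShell with the ADFS module, which is useful for repeatable builds and for checking the result of the wizard. This is an added example, not part of the Haplo documentation: the display name, the metadata URL (the Identifier from the overview) and the rule names are placeholders you must replace. The claim rule language below is what the Send LDAP Attributes as Claims template generates for the two mappings in the table above.

```powershell
# Added example (not Haplo's own code): script the relying party trust wizard steps above.
# All values marked "placeholder" are assumptions; use the ones Haplo gives you.
Import-Module ADFS

$displayName = 'Haplo Research Manager'                             # placeholder display name
$metadataUrl = 'https://research.example.ac.uk/saml2/metadata'      # placeholder: the Identifier from the overview

# Equivalent of the "Send LDAP Attributes as Claims" template:
# User-Principal-Name -> UPN, E-Mail-Addresses -> E-Mail Address, read from Active Directory.
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Haplo: UPN and e-mail address"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";userPrincipalName,mail;{0}", param = c.Value);
'@

# Issuance authorization: the wizard's "Permit all users" default. With no permit rule
# the trust exists but every sign-in is refused, so set it explicitly.
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Import the service provider metadata, as the wizard's "published online" option does.
# The Identifier and endpoints are taken from the metadata, not typed in.
Add-AdfsRelyingPartyTrust -Name $displayName -MetadataUrl $metadataUrl `
    -IssuanceTransformRules $issuanceRules `
    -IssuanceAuthorizationRules $authzRules

# Check: the SAML Assertion Consumer Service endpoint (ending in assertion-consumer-service)
# must have been imported, otherwise the metadata was not read correctly.
$rp  = Get-AdfsRelyingPartyTrust -Name $displayName
$acs = $rp.SamlEndpoints | Where-Object {
    $_.Protocol -eq 'SAMLAssertionConsumer' -and "$($_.Location)" -like '*assertion-consumer-service'
}
if (-not $acs) {
    throw "No SAML Assertion Consumer endpoint imported for '$displayName'; check the Identifier / metadata URL."
}
$acs | Select-Object Protocol, Binding, Index, Location
```

Keep the authorization rule as tight as your institution requires: the permit-all rule matches the wizard default, but a rule that only permits members of a named AD group is a small change to the same rule set and limits who can reach Haplo at all.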

Metadata URL

Finally, send the metadata URL for your AD FS instance to your Haplo contact. It will look like:

https://id.example.ac.uk/FederationMetadata/2007-06/FederationMetadata.xml

You can use PowerShell (the Get-AdfsEndpoint cmdlet from the ADFS module) to export the AD FS endpoints and read the federation metadata URL from the list.

Or you can construct it by replacing the id.example.ac.uk hostname in the example URL with the hostname of your AD FS server (the federation service name, not necessarily the machine name). This is correct for a normal configuration; confirm it by opening the URL in a browser, which should return an XML document rather than an error.
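The following is an added example, not part of the Haplo documentation, of exporting the endpoints and verifying the metadata URL before sending it on. It assumes the ADFS module is available on the server and writes the export to a CSV path that is an arbitrary choice.

```powershell
# Added example (not Haplo's own code): export AD FS endpoints and verify the metadata URL.
Import-Module ADFS

# Export every endpoint; the CSV path is an assumption, change it as you like.
Get-AdfsEndpoint | Select-Object FullUrl, Protocol, Enabled, Proxy |
    Export-Csv -Path "$env:USERPROFILE\adfs-endpoints.csv" -NoTypeInformation

# Pick out the federation metadata endpoint by its well-known path.
$metadata = Get-AdfsEndpoint | Where-Object { $_.AddressPath -like '*/FederationMetadata.xml' }
if (-not $metadata) { throw 'Federation metadata endpoint not found; check the ADFS service.' }
if (-not $metadata.Enabled) { Write-Warning 'The metadata endpoint is disabled; Haplo will not be able to read it.' }
if (-not $metadata.Proxy)   { Write-Warning 'The metadata endpoint is not published via the proxy; it may be unreachable from outside.' }

$metadataUrl = "$($metadata.FullUrl)"
"Metadata URL to send to Haplo: $metadataUrl"

# Fetch it and confirm it is this service's signed metadata, not an error page.
$xml = [xml](Invoke-WebRequest -Uri $metadataUrl -UseBasicParsing).Content
"entityID : $($xml.EntityDescriptor.entityID)"
"signed   : $([bool]$xml.EntityDescriptor.Signature)"
```

The entityID in the metadata should match your federation service identifier (see Get-AdfsProperties), and the Signature element is what lets Haplo trust the token-signing certificate published in the file; if either is missing, the URL is pointing at the wrong server or the metadata endpoint is misconfigured.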

Testing the configuration

After we have set up the first service provider in a test environment, we’ll need to test the configuration.