SharePoint 2013 ADFS 3.0 Configure Relying Party

Overview

This is part 5 in our SharePoint 2013 ADFS 3.0 Installation and Configuration series of articles.  In this article we will discuss the setup of a relying party within ADFS for use with our SharePoint 2013 farm.

Configure a Relying Party

In our previous article we installed and configured ADFS.  Now that ADFS is setup we can configure the initial “Relying Party” to be used with our SharePoint web application “spt.splab.local

  • Start the “AD FS Management” console from the Tools menu in Server Manager

adfs3-13

  • Click the “Add Relying Party Trust” link in the “Overview” section of the AD FS console

adfs3-14

  • Click “Start” on the welcome screen
  • Select the “Enter data about the relying party manually” radio button and click “Next >

image

  • Enter a value in the “Display name:” and optionally the “Notes:” fields

adfs3-15

  • Select the “AD FS profile” radio button and click “Next >

adfs3-16

  • Click “Next >” on the “Configure Certificate” screen because it is not necessary to encrypt SAML tokens since HTTPS is a requirement for the SharePoint Web App to communicate with the ADFS STS
  • Select the “Enable support for the WS-Federation Passive protocol” checkbox and enter the URL for the relying party WS-Federation Passive protocol URL then click “Next >

adfs3-17

  • Enter a relying party trust identifier and click the “Add” button

adfs3-18

  • Verify it has been added and then click “Next >

adfs3-19

  • Select the “I do not want to configure multi-factor authenticatoin settings for this relying party trust at this time.” radio button and then click “Next >
  • Select the “Permit all users to access this relying party” radio button and then click “Next >
  • Review the configured settings and click “Next >
  • Leave the “Open the Edit Claim Rules dialog for this relying party trust when the wizard closes” and click “Close

Add Claims Rule

In this step a claim rule will be created that maps email address and role attributes from Active Directory.

  • Click “Add Rule…
  • Select the “Send LDAP Attributes as Claims” entry from the dropdown box and click “Next >

adfs3-20

  • Enter a “Claim rule name:“, select “Active Directory” for “Attribute store:” and configure the attribute mapping.  Click “Finish” when done and then “OK” to accept.

adfs3-21

  • The relying party is now configured and will be used in subsequent steps when configuring a “Trusted Authentication Provider” in SharePoint

adfs3-22

Advertisements
Tagged with: , , , , , , , ,
Posted in ADFS, ADFS 3.0, SharePoint 2013, Windows Server 2012
3 comments on “SharePoint 2013 ADFS 3.0 Configure Relying Party
  1. Brian says:

    I believe the URL for Relying Parties is wrong, should be https://spt.splab.local/_trust
    not https://spt.splab.local//trust_

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: