How to configure SSO with ADFS

Active Directory Federation Services (ADFS) is a Single Sign-On (SSO) solution created by Microsoft. As a component of Windows Server operating systems, it provides users with authenticated access to applications that are not capable of using Integrated Windows Authentication (IWA) through Active Directory (AD).

Step 1: Set up SSO in AlphaLearn

  • 1. Log in to AlphaLearn.
  • 2. From the top navigation bar, go to Customize >> SSO.
  • 3. Click the Create button, select the Identity Provider (i.e. ADFS), and click Submit.
  • 4. To view the Config Details, click on the respective row. You will see an SSO Config form along with details below it.

Step 2: Configure your ADFS 2.0 IdP

  • Log in to ADFS.
  • On your ADFS server, open the ADFS Management console, expand Trust Relationships and select the Relying Party Trusts node. In the Actions panel, click Add Relying Party Trust.
  • Click Start, then paste the Entity ID URL into the Federation Metadata address field and click Next.

  • Click Next until you reach the Ready To Add Trust page. Here, check each of the tabs to see whether they have certificates with them.

  • Click Next and your Relying Party Trust is added.
  • Select the Relying Party Trust we’ve just added and then click Edit Claim Rule.
  • Add an Issuance Transform Rule based on the Send LDAP Attributes as Claims template. Select at least UPN; what else you select is up to you, but add another attribute such as mail or uid.
  • Add another Issuance Transform Rule but this time based on the Transform an Incoming Claim template. This one is important and is required to allow SimpleSAMLphp to talk with ADFS.

  • Once configured, you should have two Issuance Transform Rules that look as follows:
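
The certificate check on the Ready To Add Trust page can also be run against the metadata document itself before it is imported. This is an added example, not AlphaLearn's or Microsoft's code; it assumes the Entity ID URL serves standard SAML 2.0 service-provider metadata, and the function name, sample document, host name and certificate text are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata: entity ID, endpoint and certificate text are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://lms.example.test/sso/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-CERT-BASE64</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="http://lms.example.test/sso/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text):
    """Return (summary, findings) for a SAML service-provider metadata document."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    findings = []
    if sp is None:
        return {"entity_id": root.get("entityID")}, ["no SPSSODescriptor element"]
    # Count certificates by declared use; a KeyDescriptor without 'use' serves both.
    certs = {"signing": 0, "encryption": 0}
    for kd in sp.findall("md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is None or not (cert.text or "").strip():
            findings.append("KeyDescriptor without certificate data")
            continue
        for use in ([kd.get("use")] if kd.get("use") else list(certs)):
            certs[use] = certs.get(use, 0) + 1
    findings += [f"no {use} certificate" for use, n in certs.items() if n == 0]
    acs = [(e.get("Binding"), e.get("Location"))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    if not acs:
        findings.append("no AssertionConsumerService endpoint")
    for _, location in acs:
        # Assertions are posted to this URL, so it should not be plain HTTP.
        if not (location or "").lower().startswith("https://"):
            findings.append(f"ACS endpoint not HTTPS: {location}")
    summary = {"entity_id": root.get("entityID"), "certs": certs, "acs": acs}
    return summary, findings


if __name__ == "__main__":
    print(review_sp_metadata(SAMPLE_METADATA))
```

ElementTree keeps the example dependency-free; for metadata from a source you do not control, parse it with a hardened parser such as defusedxml.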