Configure ADFS (Active Directory Federation Services)

To use ADFS, perform the following: 

  1. Configure Sitefinity CMS. 
    1. Navigate to Administration » Settings » Advanced
    2. In the left pane, expand Authentication » SecurityTokenService » AuthenticationProviders » ADFS
    3. In the Metadata Address field, enter the ADFS server address followed by /federationmetadata/2007-06/federationmetadata.xml 
      For example, enter https://<ADFS server address>/federationmetadata/2007-06/federationmetadata.xml 
    4. In Wtrealm field, enter the identifier of the relying party that is to be configured in the ADFS server.
      For example, enter urn:sitefinity

      NOTE: In the ADFS configuration, the Wtrealm and the Relying party identifier must be the same.

    5. Select the Enabled checkbox. 
    6. In Auto assigned roles, enter a comma-separated list of the roles that are automatically assigned to users when they register with this provider.
      For more information about using auto-assigned roles together with user groups, see Use external authentication providers with user groups.
    7. Save your changes.
  2. Configure the ADFS server.
    1. On the ADFS server machine, open the ADFS Management application.
    2. Add a new claims-based relying party for Sitefinity CMS.
      Enter the relying party data manually.
    3. Enable support for the WS-Federation Passive protocol.
    4. Add an endpoint for the relying party in the following way:
    5. Enter the identifier of the relying party.
      It must be the same as the Wtrealm field, configured in Step 1.d.
      For example, urn:sitefinity.
    6. Close the Relying Party Trust window.
      The Edit Claim rules window appears.
  3. If the window does not appear, perform the following:
    1. In the ADFS Management console, navigate to Relying Party Trusts.
    2. Select the relying party for Sitefinity and click Edit Claims Issuance Policy.
      By default the list of claim rules is empty.
    3. Create a new claim rule of type Send LDAP Attributes as Claims.
    4. Select Active Directory as attribute store and fill out the following:
      • User Principal Name (UPN) to be equal to Name ID (identifier) - this is a mandatory, unique identifier used by Sitefinity CMS.
      • E-Mail Addresses to be equal to E-Mail Address - this is a mandatory, unique identifier.
      • Display-Name to be equal to Name - this claim, and any other claims, are optional.
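
The ADFS side of this procedure (steps 2 and 3) can also be scripted with the ADFS PowerShell module. This is an added example and not code from the Sitefinity documentation; the Sitefinity reply URL and the permit-all issuance authorization rule are assumptions you must adjust for your environment.

```powershell
# Added example: scripted equivalent of steps 2 and 3 above (not from the Sitefinity docs).
# Assumptions (placeholders): $SitefinityUrl is the HTTPS address of your Sitefinity site
# that ADFS replies to; the permit-all authorization rule is a starting point, not a recommendation.
Import-Module ADFS

$Identifier    = 'urn:sitefinity'                   # must equal the Wtrealm value from step 1
$SitefinityUrl = 'https://sitefinity.example.com/'  # placeholder WS-Federation passive endpoint

# Issuance transform rule of type "Send LDAP Attributes as Claims" (step 3):
#   User-Principal-Name -> Name ID        (mandatory, unique identifier used by Sitefinity CMS)
#   E-Mail-Addresses    -> E-Mail Address (mandatory)
#   Display-Name        -> Name           (optional)
$TransformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Sitefinity CMS claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"), query = ";userPrincipalName,mail,displayName;{0}", param = c.Value);
'@

# Issuance authorization rule (assumption): permit every authenticated user.
# Restrict this to the AD groups that should reach Sitefinity before going to production.
$AuthorizationRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Step 2: create the relying party trust only if it does not exist yet.
if (-not (Get-AdfsRelyingPartyTrust -Identifier $Identifier)) {
    Add-AdfsRelyingPartyTrust -Name 'Sitefinity CMS' `
        -Identifier $Identifier `
        -WSFedEndpoint $SitefinityUrl `
        -IssuanceTransformRules $TransformRules `
        -IssuanceAuthorizationRules $AuthorizationRules
}

# Check: the identifier must match Wtrealm and the WS-Federation endpoint must be set.
$rp = Get-AdfsRelyingPartyTrust -Identifier $Identifier
$rp | Select-Object Name, Identifier, WSFedEndpoint, Enabled
```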

RESULT: The next time the login screen is displayed, it has a button that you can use to log in with ADFS.
