Configuring SkyPrep with ADFS is a multi-step process. This article walks you through the procedure.
First, enable ADFS on your Windows Server.
Next, open the AD FS Management console.
Next, click on Add Relying Party Trust…
This should open the wizard. Click the Start button.
Select Enter data about the relying party manually.
Enter https://[your_skyprep_domain]/saml/consume as the display name.
Select AD FS profile
Check Enable support for the SAML 2.0 WebSSO protocol and enter “https://[your_skyprep_domain]/saml/consume”. Then click Next.
Add “https://[your_skyprep_domain]/saml/consume” in the Relying party trust identifiers.
Select I do not want to configure multi-factor authentication settings for this relying party trust at this time.
Select Permit all users to access this relying party.
In the Edit Claim Rules section, add the settings so they look like this:
You can add additional attributes to the SAML Claims.
These can be mapped as follows in the Outgoing Claim Type column:
You can also fix attributes to a specific value. For example, to set User.EmailNotifications to true, open Edit Claim Rules, click Add Rule, choose Send Claims using a Custom Rule, and set the rule as follows:
- Then we need to get the Windows Server IdP XML manifest file. This can be found by visiting: https://[WINDOWS_SERVER]/federationmetadata/2007-06/federationmetadata.xml
- From the server itself, you can usually just visit https://localhost/federationmetadata/2007-06/federationmetadata.xml
- Open the file with Notepad++ or another text editor.
- Add this line to the top of it:
<?xml version="1.0" encoding="UTF-8" ?>
- Next, go to the SAML configuration page at https://[your_skyprep_domain]/admin/program/saml and paste the metadata (with the XML declaration above as its first line) into the idP Metadata (XML) field.
- Optionally, enable Automatically Create / Add Users (JIT) and Automatically Add Users to Existing Groups.
IMPORTANT: Please use Google Chrome and not Internet Explorer, as Internet Explorer may incorrectly present a security warning and you may not be able to save the page.
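The metadata steps above can be checked before pasting. The following Python sketch is an added example, not SkyPrep or Microsoft code: it adds the XML declaration only if it is absent and confirms the file is SAML 2.0 IdP metadata with a signing certificate and HTTPS sign-on endpoints. The function name and the sample document (host `adfs.example.test`, placeholder certificate) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XML_DECLARATION = '<?xml version="1.0" encoding="UTF-8" ?>'  # the line the article adds
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample shaped like AD FS metadata; host and certificate are placeholders.
SAMPLE = (
    '<EntityDescriptor entityID="http://adfs.example.test/adfs/services/trust"'
    ' xmlns="urn:oasis:names:tc:SAML:2.0:metadata">'
    f'<IDPSSODescriptor protocolSupportEnumeration="{SAML2}">'
    '<KeyDescriptor use="signing">'
    '<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>'
    '<X509Certificate>PLACEHOLDER</X509Certificate></X509Data></KeyInfo></KeyDescriptor>'
    '<SingleSignOnService Location="https://adfs.example.test/adfs/ls/"'
    ' Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>'
    '</IDPSSODescriptor></EntityDescriptor>'
)

def prepare_idp_metadata(raw):
    """Return (text to paste, summary dict); raise ValueError if it looks wrong."""
    text = raw.lstrip("\ufeff \t\r\n")  # drop a BOM or blank lines left by the editor
    if "<!DOCTYPE" in text:
        raise ValueError("unexpected DOCTYPE in federation metadata")
    if not text.startswith("<?xml"):
        text = XML_DECLARATION + "\n" + text  # add the declaration exactly once
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not SAML IdP metadata (no IDPSSODescriptor)")
    if SAML2 not in idp.get("protocolSupportEnumeration", "").split():
        raise ValueError("IdP does not advertise SAML 2.0")
    certs = [kd for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             and kd.find(".//ds:X509Certificate", NS) is not None]
    sso = [e.get("Location", "") for e in idp.findall("md:SingleSignOnService", NS)]
    if not certs:
        raise ValueError("no signing certificate in IdP metadata")
    if not sso or not all(u.startswith("https://") for u in sso):
        raise ValueError("missing or non-HTTPS SingleSignOnService endpoint")
    return text, {"entity_id": root.get("entityID"),
                  "signing_certs": len(certs), "sso_endpoints": sso}

if __name__ == "__main__":
    print(prepare_idp_metadata(SAMPLE)[1])
```

To use it on a real export, read the saved federationmetadata.xml into a string and pass it to `prepare_idp_metadata`; the first returned value is the text to paste into the idP Metadata (XML) field.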
To test the integration, visit