To allow EAA to redirect users to the AD FS login portal to complete authentication,
you need to set up EAA as an AD FS endpoint. This is done with a relying party
trust.
Relying party trust is the term used in Microsoft Windows Server to identify
service providers that are permitted to communicate with an AD FS endpoint. In this
procedure, you configure EAA as an AD FS endpoint.
How to
- From the AD FS Manager, select the Relying Party Trusts folder and add a new trust.
- In the Add Relying Party Trust Wizard window, select Enter data about the relying party manually.
- Click Next.
- Select the Specify Display Name tab. Complete these fields:
  - Display name. Enter a name, for example EAA-RPT.
  - Notes. Enter optional notes, for example EAA is relying party.
- Skip the Configure Certificate tab.
- Select the Configure URL tab. Complete these fields:
  - Select Enable support for SAML 2.0 Web SSO protocol.
  - Relying party SAML 2.0 SSO service URL. Enter the URL as https://<eaa-idp-fqdn>/saml/sp/response, where <eaa-idp-fqdn> is the FQDN for the AD FS IdP.
- Select the Configure Identifiers tab. For Relying party trust identifiers, enter the same value as in the previous step, that is https://<eaa-idp-fqdn>/saml/sp/response.
- Select the Choose Access Control Policy tab. You can configure all users, users of a specific active directory, or users of a specific group.
  Note: The EAA administrator can add multiple attributes for different access control policies.
- Click Finish.
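The same relying party trust created from an elevated PowerShell session on the AD FS server, followed by a read-back check that the identifier and SAML endpoint match what the wizard steps above specify. This is an added example, not code from the EAA documentation; the <eaa-idp-fqdn> placeholder must be replaced, and the access control policy name is an assumption to adjust to your environment.

```powershell
# Added example (not from the EAA documentation). Run on the AD FS server
# with administrative rights. Replace <eaa-idp-fqdn> with the real FQDN.
Import-Module ADFS

$eaaFqdn = '<eaa-idp-fqdn>'                       # placeholder from the procedure
$acsUrl  = "https://$eaaFqdn/saml/sp/response"    # Relying party SAML 2.0 SSO service URL
$rptName = 'EAA-RPT'                              # Display name used in the wizard

# SAML 2.0 Web SSO: the assertion consumer endpoint EAA expects (HTTP-POST binding)
$samlEndpoint = New-AdfsSamlEndpoint -Binding POST `
                                     -Protocol SAMLAssertionConsumer `
                                     -Uri $acsUrl `
                                     -Index 0

# The relying party identifier uses the same value as the SSO service URL,
# as the Configure Identifiers step requires.
# Assumption: 'Permit everyone' is the built-in policy for "all users";
# choose a narrower policy if only a specific group should reach EAA.
Add-AdfsRelyingPartyTrust -Name $rptName `
                          -Identifier $acsUrl `
                          -SamlEndpoint $samlEndpoint `
                          -Notes 'EAA is relying party' `
                          -AccessControlPolicyName 'Permit everyone'

# Verification: read the trust back and confirm identifier and endpoint
$rpt = Get-AdfsRelyingPartyTrust -Name $rptName
if (-not $rpt) {
    throw "Relying party trust '$rptName' was not created"
}
if ($rpt.Identifier -notcontains $acsUrl) {
    throw "Identifier mismatch: expected $acsUrl, got $($rpt.Identifier -join ', ')"
}
$ep = $rpt.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' }
if (-not $ep -or $ep.Location.AbsoluteUri -ne $acsUrl) {
    throw "SAML assertion consumer endpoint is not $acsUrl"
}
Write-Host "Relying party trust '$rptName' configured for $acsUrl"
```

The read-back check is the part worth keeping in change scripts: a trust whose identifier or endpoint drifts from the EAA-side value will fail SAML responses without an obvious error in the AD FS console.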
What you should see
This completes adding EAA as a relying party trust in AD FS using the Add
Relying Party Trust Wizard.
Next steps
To learn more, see the Microsoft documentation, Creating a relying party trust.