Set up relying party trust in AD FS
Before you begin
Relying party trust is a term used in Microsoft Windows Server to identify service providers that can communicate with an AD FS endpoint. In this procedure, you configure Akamai Enterprise IdP as an AD FS endpoint.
To learn more about creating a relying party trust in AD FS, see the Microsoft documentation.
- From the AD FS Manager, select the Relying Party Trusts folder and add a new trust.
- In the Add Relying Party Trust Wizard window, select Claims aware and click Next.
- In the Select Data Source window, select Enter data about the relying party manually, and click Next.
- Select the Specify Display Name tab. Complete these fields:
  - Display name. Enter a name. For example,
  - Notes. Enter optional notes. For example, IDP is relying party.
- Skip the Configure Certificate tab.
- Select the Configure URL tab. Complete these fields:
  - Select Enable support for SAML 2.0 Web SSO protocol.
  - For the Relying party SAML 2.0 SSO service URL, enter the URL as https://<idp-fqdn>/saml/sp/response, where <idp-fqdn> is the FQDN of the IdP you created.
- Select the Configure Identifiers tab. Enter the same value as the previous step for Relying party trust identifiers. Enter https://<idp-fqdn>/saml/sp/response.
- Select the Choose Access Control Policy tab. You can configure all users, users of a specific Active Directory, and users of a specific group.
  Note: The ETP administrator can add multiple attributes for different access control policies.
- Click Finish. This completes adding ETP as a relying party trust in AD FS using the Add Relying Party Trust Wizard.
- If you are sending simple LDAP attributes from AD FS to ETP, see Use claims to send LDAP attributes from AD FS to ETP.
- If you are sending complex attributes like group membership from AD FS to ETP, see Use custom claim description to send group membership from AD FS to ETP.
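The same trust can be created and verified from the AD FS PowerShell module instead of the wizard. The following is an added example, not part of the Akamai documentation; it assumes it runs on the AD FS server as an AD FS administrator, that `<idp-fqdn>` is replaced with your IdP FQDN, that the display name `ETP` and the built-in `Permit everyone` access control policy are acceptable starting values, and that no encryption certificate is configured (the Configure Certificate tab is skipped).

```powershell
# Added example: build the relying party trust described above with the ADFS module.
# Assumptions are marked inline; "<idp-fqdn>" is a placeholder for the Enterprise IdP FQDN.
Import-Module ADFS

$IdpFqdn   = "<idp-fqdn>"                          # placeholder: replace with the IdP FQDN you created
$RpUrl     = "https://$IdpFqdn/saml/sp/response"   # used for both the SSO URL and the identifier, as in the wizard
$TrustName = "ETP"                                 # assumed display name

# Relying party SAML 2.0 SSO service URL (Configure URL tab): HTTP-POST assertion consumer endpoint.
$acs = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $RpUrl -Index 0

# Specify Display Name, Configure URL, Configure Identifiers and Choose Access Control Policy tabs in one call.
# Add-AdfsRelyingPartyTrust creates a claims-aware trust; no -EncryptionCertificate is given.
Add-AdfsRelyingPartyTrust -Name $TrustName `
    -Notes "IDP is relying party" `
    -Identifier $RpUrl `
    -SamlEndpoint $acs `
    -AccessControlPolicyName "Permit everyone"   # assumed built-in policy; scope it to a group to restrict access

# Verify what AD FS actually stored: identifier and ACS URL must match the IdP exactly,
# otherwise AD FS rejects the AuthnRequest or posts the assertion to the wrong place.
$rp = Get-AdfsRelyingPartyTrust -Name $TrustName
if ($rp.Identifier -notcontains $RpUrl) { throw "Relying party trust identifier does not match $RpUrl" }
$ep = $rp.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' }
if ("$($ep.Location)" -ne $RpUrl)       { throw "Assertion consumer endpoint does not match $RpUrl" }
"$TrustName configured: identifier=$($rp.Identifier -join ','); ACS=$($ep.Location); policy=$($rp.AccessControlPolicyName)"
```

Run `Get-AdfsRelyingPartyTrust -Name ETP | Format-List Identifier, SamlEndpoints, AccessControlPolicyName` afterwards to review the trust before sending claims to ETP.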