27.11.2 Making the Corresponding Changes in ADFS

  1. Open the ADFS management console.

  2. Click Claims Provider Trusts > Add Claims Provider trust.

  3. Click Start in the Add Claims Provider Trust Wizard.

  4. Click Import data about the claims provider from a file in the Select Data Source tab.

  5. Browse to the Federation metadata file.

    You can download the Federation metadata from the Advanced Authentication metadata URL: https://<aaf-server>/osp/a/TOP/auth/saml2/metadata.

  6. Click Next.

  7. Specify the Display name.

  8. Click Next.

  9. Select Open the Edit Claim Rules dialog for this claims provider when the wizard closes.

  10. Click Close.

  11. Right-click the Display name and click Edit Claim Rules.

  12. Click Add Rule.

  13. Select Send Claims Using a Custom Rule from Claim rule template in the Add Transform Claim Rule Wizard.

  14. Click Next.

  15. Specify the Claim rule name.

  16. Paste the following in Custom rule:

    c:[Type == "netbiosName"] => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);

  17. Click OK.

  18. Launch Windows PowerShell and run the following command to connect to your Office 365 tenant:

    Connect-MsolService

  19. Run the following command to set the PromptLoginBehavior parameter to Disabled, so that wfresh=0 is sent to AD FS and federated users are prompted for fresh authentication.

    Set-MsolDomainFederationSettings -DomainName <domain_name> -PromptLoginBehavior Disabled
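
The same procedure scripted end to end with the AD FS and MSOnline PowerShell modules, with a read-back check after each change. This is an added example and not part of the original documentation: the placeholders <aaf-server> and <domain_name> are taken from the steps above, while the display name 'Advanced Authentication' and the use of the metadata URL instead of a downloaded file are assumptions.

```powershell
# Added example, not from the original documentation. Scripts steps 2-19 above.
# <aaf-server> and <domain_name> are the page's own placeholders; the display
# name and the use of the metadata URL (rather than a saved file) are assumed.
Import-Module ADFS

$aafServer   = '<aaf-server>'                      # placeholder from the page
$displayName = 'Advanced Authentication'           # assumed display name (step 7)
$metadataUrl = "https://$aafServer/osp/a/TOP/auth/saml2/metadata"   # step 5

# Step 16: the custom acceptance transform rule, as given on the page.
$claimRule = @'
c:[Type == "netbiosName"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType);
'@

# Steps 2-10: create the claims provider trust from the federation metadata.
Add-AdfsClaimsProviderTrust -Name $displayName -MetadataUrl $metadataUrl

# Steps 11-17: attach the rule as the trust's acceptance transform rule set.
Set-AdfsClaimsProviderTrust -TargetName $displayName -AcceptanceTransformRules $claimRule

# Check: the trust exists, is enabled and carries the rule that was just set.
$trust = Get-AdfsClaimsProviderTrust -Name $displayName
if (-not $trust.Enabled) {
    throw "Claims provider trust '$displayName' is not enabled"
}
if ($trust.AcceptanceTransformRules -notmatch 'windowsaccountname') {
    throw "Acceptance transform rule for '$displayName' was not applied"
}

# Steps 18-19: federation settings for the Office 365 tenant (MSOnline module).
$domain = '<domain_name>'                          # placeholder from the page
Connect-MsolService
Set-MsolDomainFederationSettings -DomainName $domain -PromptLoginBehavior Disabled

# Check: read the setting back instead of assuming the call took effect.
$settings = Get-MsolDomainFederationSettings -DomainName $domain
if ($settings.PromptLoginBehavior -ne 'Disabled') {
    throw "PromptLoginBehavior for $domain is '$($settings.PromptLoginBehavior)', expected Disabled"
}
```

Run it from an elevated session on an AD FS server as an account that is both an AD FS administrator and a global administrator of the tenant. The two read-back checks are the part the console steps leave out: they confirm that the rule set actually landed on the trust and that the domain's federation settings now carry PromptLoginBehavior = Disabled before any federated sign-in is tested.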