On the ADFS Management console, click Relying Party Trusts > Add Relying Party Trust.
Select Claims aware and click Start.
To import StoreFront metadata, perform the following:
Select Import data about the relying party from a file.
Specify StoreFront metadata URL in https://<storefront_server>/Citrix/<StoreAuth>/SamlForms/ServiceProvider/Metadata format.
Click Next.
Specify Display Name and Notes for StoreFront and click Next.
Select Permit everyone from Choose an access control policy list to configure access control policy for ADFS and click Next.
Verify the values imported from the StoreFront metadata and Click Next.
Select Configure claims issuance policy for this application and click Close.
Select the trust created for StoreFront on the Relying Party Trusts and click Edit Claim Rules.
In the Issuance Transform Rule tab, add three rules:
To add the first rule, perform the following steps:
Click Add Rule.
Select Send LDAP Attributes as Claims from Claim Rule Template.
Specify Claim rule name.
Select Active Directory from Attribute Store.
Select User-Principal-Name from LDAP Attribute.
Select Name ID from Outgoing Claim Type.
Click Save.
To add the second rule, perform the following steps:
Click Add Rule.
Select Pass Through or Filter an Incoming Claim from Claim Rule Template and click Next.
Specify Claim rule name.
Select Name ID from Incoming Claim Type.
Select Unspecified from Incoming name ID format.
Select Pass through all claim values.
Click OK.
To add the third rule, perform the following steps:
Click Add Rule.
Select Send LDAP Attributes as Claims from Claim Rule Template.
Specify Claim rule name.
Select Active Directory from Attribute Store.
Map the LDAP attributes as follows:
LDAP attribute 1:
Select Surname from LDAP Attribute.
Select Surname from Outgoing Claim Type.
LDAP attribute 2:
Select Given Name from LDAP Attribute.
Select Given Name from Outgoing Claim Type.