10.3 Managing WS Federation Providers

The WS Federation page allows you to create or edit trusted identity providers and trusted service providers. When you create an identity provider configuration, you are configuring the Identity Server to be a WS Federation resource partner. When you create a service provider configuration, you are configuring the Identity Server to be a WS Federation account partner.

  1. In the Administration Console, click Devices > Identity Servers > Edit > WS Federation.

  2. Select one of the following actions:

    New: Launches the Create Trusted Identity Provider Wizard or the Create Trusted Service Provider Wizard, depending on your selection. For more information, see Section 10.3.1, Creating an Identity Provider for WS Federation, or Section 10.3.2, Creating a Service Provider for WS Federation.

    Delete: Deletes the selected identity or service provider. This action removes the definition itself; to stop using a provider without losing its configuration, use Disable instead.

    Enable: Enables the selected identity or service provider.

    Disable: Disables the selected identity or service provider. When the provider is disabled, the server does not load the definition. However, the definition is not deleted.

    Modify: Click the name of a provider. For configuration information, see Section 10.4, Modifying a WS Federation Identity Provider or Section 10.5, Modifying a WS Federation Service Provider.

  3. Click OK, then update the Identity Server.

10.3.1 Creating an Identity Provider for WS Federation

To establish the trust relationship, you set up the ADFS server as a trusted identity provider of the Identity Server. The Identity Server then accepts authentication tokens issued by the ADFS server, provided they are signed by the ADFS token-signing certificate you import in this procedure.

  1. In the Administration Console, click Devices > Identity Servers > Edit > WS Federation.

  2. On the WS Federation page, click New, select Identity Provider, then fill in the following fields:

    Name: Specify a name that identifies the identity provider, such as Adatum.

    Provider ID: Specify the federation service URI of the identity provider, for example urn:federation:adatum.

    Sign-on URL: Specify the URL for logging in, such as https://adfsaccount.adatum.com/adfs/ls/.

    Logout URL: Specify the URL for logging out. For ADFS this is the same passive federation endpoint as the sign-on URL, such as https://adfsaccount.adatum.com/adfs/ls/ (the identity provider's own endpoint, not the resource partner's).

    Identity Provider: Specify the path to the token-signing certificate of the ADFS server. The Identity Server uses this certificate to verify the signature on every token the ADFS server issues, so obtain it from the ADFS administrator over a trusted channel.

  3. Confirm that the certificate details (subject, issuer, and validity period) match the ADFS server's token-signing certificate, then click Next.

  4. For the authentication card, specify the following values:

    ID: Leave this field blank.

    Text: Specify a description that is available to the user when the user mouses over the card.

    Image: Select an image, such as Customizable, or any other image.

    Show Card: Enable this option so that the card can be presented to the user as a login option.

  5. Click Finish.

For information about additional configuration steps required to use this identity provider, see Section 10.2, Using the ADFS Server as an Identity Provider for an Access Manager Protected Resource.

10.3.2 Creating a Service Provider for WS Federation

To establish a trust relationship in the other direction, you set up the ADFS server as a trusted service provider. This trust allows the ADFS server, acting as the service provider, to accept the Identity Server as the source of user authentication credentials.

  1. In the Administration Console, click Devices > Identity Servers > Edit > WS Federation.

  2. Click New > Service Provider, then fill in the following fields:

    Name: Specify a name that identifies the service provider, such as TreyResearch.

    Provider ID: Specify the provider ID of the ADFS server. The default value is urn:federation:treyresearch.

    Sign-on URL: Specify the ADFS endpoint to which the Identity Server sends the user, together with the issued token, after login. The default value is https://adfsresource.treyresearch.net/adfs/ls/.

    Logout URL: (Optional) Specify the ADFS endpoint that the user can use for logging out. The default value is https://adfsresource.treyresearch.net/adfs/ls/.

    Service Provider: Specify the path to the token-signing certificate of the ADFS server. The Identity Server uses this certificate to verify the signed messages it receives from the ADFS server.

  3. Click Next, confirm the certificate, then click Finish.

For information about additional configuration steps required to use this service provider, see Section 10.1, Using the Identity Server as an Identity Provider for ADFS.
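The two procedures above (Section 10.3.1 and Section 10.3.2) describe the same WS-Federation trust from each side: the Sign-on URL and Provider ID you enter become the wreply and wtrealm parameters of the passive sign-in messages the partners exchange. The following script is an added example, not code from Access Manager or ADFS, that builds those messages from the field values and shows the check a token issuer must apply on receipt: only a wtrealm that matches a registered Provider ID is accepted, and the wreply must match that partner's configured Sign-on URL, otherwise the issuer would post tokens to any address a forged request names. The Adatum and TreyResearch values are the page's examples reused as constructed input; the helper names and the assumption that the logout endpoint equals the sign-in endpoint are this example's own.

```python
"""WS-Federation passive sign-in/sign-out messages from provider definitions.

Hypothetical helper for illustration; not Access Manager or ADFS code.
All URLs and identifiers below are constructed sample values.
"""
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlsplit


@dataclass(frozen=True)
class WsFedProvider:
    """One trusted partner as entered on the WS Federation page."""
    name: str
    provider_id: str   # federation service URI (Provider ID field)
    signon_url: str    # Sign-on URL field: the partner's /adfs/ls/ endpoint
    logout_url: str    # Logout URL field


def check_provider(p: WsFedProvider) -> list[str]:
    """Sanity checks to run on the field values before clicking Finish."""
    problems = []
    if urlsplit(p.provider_id).scheme not in ("urn", "https"):
        problems.append(f"{p.name}: provider ID {p.provider_id!r} is not a URN or https URI")
    for label, url in (("sign-on", p.signon_url), ("logout", p.logout_url)):
        u = urlsplit(url)
        if u.scheme != "https":
            problems.append(f"{p.name}: {label} URL must use https, got {u.scheme!r}")
        if not u.path.rstrip("/").endswith("/adfs/ls"):
            problems.append(f"{p.name}: {label} URL {url!r} is not an /adfs/ls/ passive endpoint")
    return problems


def build_signin_url(idp: WsFedProvider, sp: WsFedProvider, wctx: str) -> str:
    """Redirect sent to the identity provider: 'issue a token for realm sp'."""
    params = {
        "wa": "wsignin1.0",
        "wtrealm": sp.provider_id,   # realm is the service provider's Provider ID
        "wreply": sp.signon_url,     # where the issuer must POST the token
        "wctx": wctx,                # opaque state echoed back unchanged
    }
    return idp.signon_url + "?" + urlencode(params)


def build_signout_url(idp: WsFedProvider, sp: WsFedProvider) -> str:
    """Redirect sent to the identity provider to end the federated session."""
    return idp.logout_url + "?" + urlencode({"wa": "wsignout1.0", "wreply": sp.logout_url})


def _same_endpoint(candidate: str, registered: str) -> bool:
    """Exact scheme/host/path match; a trailing slash is the only tolerated difference."""
    c, r = urlsplit(candidate), urlsplit(registered)
    return (c.scheme, c.netloc, c.path.rstrip("/")) == (r.scheme, r.netloc, r.path.rstrip("/"))


def validate_signin_request(url: str, registered: dict[str, WsFedProvider]) -> WsFedProvider:
    """Issuer-side check: accept only registered realms and their configured wreply.

    Without the wreply comparison a forged request would make the issuer post a
    signed token to an attacker-chosen address.
    """
    q = parse_qs(urlsplit(url).query)
    if q.get("wa") != ["wsignin1.0"]:
        raise ValueError("not a wsignin1.0 request")
    realm = q.get("wtrealm", [None])[0]
    sp = registered.get(realm)
    if sp is None:
        raise ValueError(f"unknown realm {realm!r}")
    wreply = q.get("wreply", [sp.signon_url])[0]   # absent wreply falls back to the registered URL
    if not _same_endpoint(wreply, sp.signon_url):
        raise ValueError(f"wreply {wreply!r} does not match registered sign-on URL")
    return sp


def signin_request_ok(url: str, registered: dict[str, WsFedProvider]) -> bool:
    """Boolean wrapper around validate_signin_request."""
    try:
        validate_signin_request(url, registered)
        return True
    except ValueError:
        return False


# Constructed sample partners reusing the page's example names (assumed values).
ADATUM = WsFedProvider("Adatum", "urn:federation:adatum",
                       "https://adfsaccount.adatum.com/adfs/ls/",
                       "https://adfsaccount.adatum.com/adfs/ls/")
TREY = WsFedProvider("TreyResearch", "urn:federation:treyresearch",
                     "https://adfsresource.treyresearch.net/adfs/ls/",
                     "https://adfsresource.treyresearch.net/adfs/ls/")
REGISTERED_SPS = {TREY.provider_id: TREY}

if __name__ == "__main__":
    print(check_provider(ADATUM), check_provider(TREY))
    print(build_signin_url(ADATUM, TREY, "state-123"))
    print(build_signout_url(ADATUM, TREY))
    forged = build_signin_url(ADATUM, TREY, "x").replace("adfsresource.treyresearch.net", "evil.example")
    print(signin_request_ok(forged, REGISTERED_SPS))
```

The `_same_endpoint` comparison is deliberately exact on scheme and host: a prefix or substring match would accept `adfsresource.treyresearch.net.evil.example` or a `user@host` netloc trick, which is the usual way wreply validation fails in practice.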