Configuring and running the ADFS examples for ASP.NET and ASP.NET MVC on Windows Server 2016

This topic describes the configuration for the WebForm and MVC SP Provider example project. That project demonstrates SSO with Windows ADFS.


In this example, we assign hostname of the ADFS Example to and the ADFS server to

If you run the example locally, you may want to update the `Windows\System32\drivers\etc\hosts` file on the IdP and SP machines to include entries for and For example:


Configure the Service Provider example

The settings for the SP example are stored in its web.config file.

  • SsoBinding specifies the binding to use when communicating with the ADFS IdP. The value can be either urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect or urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST.
  • IdpHttpPostServiceUrl is the URL of the ADFS service when using the HTTP POST binding.
  • IdpHttpRedirectServiceUrl is the URL of the ADFS service when using the HTTP Redirect binding.

Configure the ADFS server

Our SP Example acts as a relying party in the ADFS server. To add a relying party trust for the SP to the ADFS service, use the ADFS management console.

In the following step, select “Enter data about the relying party manually.”

Then specify a display name of the party. e.g., “”

In the Choose Profile step, select AD FS Profile.

If you want to have SAML assertion returned by ADFS encrypted, browse to SPKey.pfx to specify it as the token encryption certificate.

Now Enable support for SAML v2.0 WebSSO protocol and specify the service provider’s assertion consumer service URL. In our MVC example, we use:

Then specify the relying party trust identifier.

In Choose Issuance Authorization Rules, select “Permit everyone.”

The list of relying party trusts should now include our newly created SP.

The authentication request sent from the SP is signed. To specify the certificate used to validate the signature, open the relying party trust's properties dialog and, under the Signature tab, add the service provider certificate.

For this example, we use the SHA-1 algorithm. To do so, click on the Advanced tab and choose SHA-1. Keep in mind that ComponentPro SAML supports both SHA-1 and SHA-2 algorithms.

Then edit the claim rules and add a rule.

Map the Active Directory user principal name to the outgoing Name ID.

Your ADFS server should now be ready to connect with the example SP.
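
The console steps above can also be scripted and then checked with the AD FS PowerShell cmdlets. The following is an added example, not part of the original example project; the display name, identifier, assertion consumer URL and certificate path are placeholders, because this page does not give those values.

```powershell
# Run in an elevated PowerShell session on the AD FS server.
# Placeholder values (assumptions): replace with your SP's real settings.
$spName       = 'SAML SP Example'                            # display name
$spIdentifier = 'https://sp.example.test/'                   # relying party trust identifier
$spAcsUrl     = 'https://sp.example.test/AssertionConsumer'  # assertion consumer service URL
$spCertPath   = 'C:\certs\sp-public.cer'                     # SP public certificate

$spCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $spCertPath

# SAML 2.0 WebSSO endpoint: AD FS posts the response to the SP's assertion consumer service.
$acs = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $spAcsUrl

# Issuance authorization rule equivalent to "Permit everyone".
$authzRules = @'
@RuleName = "Permit everyone"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Claim rule: Active Directory user principal name -> outgoing Name ID.
$transformRules = @'
@RuleName = "UPN to Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";userPrincipalName;{0}", param = c.Value);
'@

$trust = @{
    Name                       = $spName
    Identifier                 = $spIdentifier
    SamlEndpoint               = $acs
    RequestSigningCertificate  = $spCert   # validates the SP's signed authentication requests
    # SHA-1, as used on this page. The SHA-2 value is
    # 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'.
    SignatureAlgorithm         = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
    IssuanceAuthorizationRules = $authzRules
    IssuanceTransformRules     = $transformRules
    # To encrypt assertions, also pass: EncryptionCertificate = <SP public certificate>
}
Add-AdfsRelyingPartyTrust @trust

# Review what was stored before pointing the SP at the server.
$rp = Get-AdfsRelyingPartyTrust -Name $spName
$rp | Format-List Name, Identifier, Enabled, SignatureAlgorithm, EncryptionCertificate
$rp.RequestSigningCertificate | Format-List Subject, Thumbprint, NotAfter
$rp.SamlEndpoints | Format-Table Binding, Protocol, Location
```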
