This topic describes the configuration for the WebForm and MVC SP Provider example project. That project demonstrates SSO with Windows ADFS.
In this example, we assign the hostname sp.com to the example SP and idp.com to the ADFS server.
If you run the example locally, you may want to update the `Windows\System32\drivers\etc\hosts` file on the IdP and SP machines to include entries for www.idp.com and www.sp.com. For example:
The settings for the SP example are stored in its web.config file.
Our SP example acts as a relying party of the ADFS server. To add a relying party trust for the SP to the ADFS service, use the ADFS management console.
In the following step, select “Enter data about the relying party manually.”
Then specify a display name for the party, e.g., “www.sp.com”.
In the Choose Profile step, select AD FS Profile.
If you want the SAML assertion returned by ADFS to be encrypted, browse to SPKey.pfx to specify it as the token encryption certificate.
Now enable support for the SAML 2.0 WebSSO protocol and specify the service provider’s assertion consumer service URL. In our MVC example, we use: www.sp.com/Service/
Then specify the relying party trust identifier.
In Choose Issuance Authorization Rules, select “Permit everyone.”
The list of relying party trusts should now include our newly created SP.
The authentication request sent by the SP is signed. To specify the certificate used to validate that signature, open the relying party trust’s properties dialog and, under the Signature tab, add the service provider certificate.
For this example, we use the SHA-1 algorithm. To do so, click on the Advanced tab and choose SHA-1. Keep in mind that ComponentPro SAML supports both SHA-1 and SHA-2 algorithms.
Then edit the claim rules and add a rule.
Map the Active Directory user principal name to the outgoing Name ID.
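The same relying party trust built with the AD FS PowerShell cmdlets instead of the management console, as an added example that is not part of the original walkthrough or the ComponentPro project; the hostnames and rule mappings follow the steps above, while the URL scheme, the trust identifier and the certificate file paths are assumptions. It selects RSA-SHA256 rather than the walkthrough’s SHA-1, which the SP supports as well.

```powershell
# Added example: creates the relying party trust from the walkthrough above with the
# AD FS PowerShell module. Run on the ADFS server in an elevated PowerShell session.
# Assumed values (not from the page): the URL scheme, identifier, file paths and rule text.
Import-Module ADFS

$spName       = 'www.sp.com'
$spIdentifier = 'http://www.sp.com/'           # relying party trust identifier (assumed)
$acsUrl       = 'http://www.sp.com/Service/'   # assertion consumer service URL (scheme assumed)
$signingCert  = Get-PfxCertificate -FilePath 'C:\certs\SPCert.cer'  # SP public cert; validates signed AuthnRequests (assumed path)
$encryptCert  = Get-PfxCertificate -FilePath 'C:\certs\SPKey.pfx'   # token encryption certificate (assumed path)

# SAML 2.0 WebSSO: HTTP-POST binding to the SP's assertion consumer service
$acsEndpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $acsUrl

# Issuance authorization rule equivalent to "Permit everyone"
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Claim rule: map the Active Directory user principal name to the outgoing Name ID
$transformRules = @'
@RuleTemplate = "MapClaims"
@RuleName = "UPN to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
'@

# The console walkthrough picks SHA-1; RSA-SHA256 is preferable when the SP supports it.
# SHA-1 equivalent: 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
$sigAlg = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

Add-AdfsRelyingPartyTrust -Name $spName `
    -Identifier $spIdentifier `
    -SamlEndpoint $acsEndpoint `
    -RequestSigningCertificate $signingCert `
    -EncryptionCertificate $encryptCert `
    -SignatureAlgorithm $sigAlg `
    -IssuanceAuthorizationRules $authzRules `
    -IssuanceTransformRules $transformRules

# Check: the trust exists, encrypts claims and uses the expected signature algorithm
Get-AdfsRelyingPartyTrust -Name $spName |
    Select-Object Name, Identifier, SignatureAlgorithm, EncryptClaims, SamlEndpoints
```

After the trust is created, the Signature and Encryption tabs of its properties dialog show the two certificates loaded above, which is the quickest way to confirm the script matched the console steps.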
Your ADFS server should now be ready to connect with the example SP.