Step 2: Set up AD FS (Active Directory Federation Services) for Clearooms
- Open AD FS Management on your ADFS
- Right-click Relying party trusts and
select Add relying party trust.
- Click Start on the welcome step.
- In the step Select data source, choose Enter
data about the relying party manually and click Next.
- Enter a Display name, e.g. Clearooms Login, and click Next.
- In the step Choose profile, choose AD FS profile with SAML 2.0 and click Next.
- Click Next on the Configure
certificate step without choosing any certificate.
- Select Enable support for the SAML 2.0 WebSSO protocol.
- Enter the Reply URL from Step 1 as the login
URL and click Next.
- Enter the Metadata URL from Step 1 as a Relying party trust identifier.
- Click Next until you reach the Finish
- Choose Open the Edit Claim Rules dialog for
this relying party trust when the wizard closes and click Close.
This will launch the Edit Claim Rules window.
- In the Edit Claim Rules window, click Add
rule, choose Send LDAP Attributes as Claims as the Claim
rule template and click Next.
- Enter Clearooms Attributes as Claim
rule name and choose Active Directory as the Attribute store.
Map the LDAP Attribute Given-Name to givenname, Surname
to Surname, E-Mail Addresses to emailaddress and click Finish.
- Click Add rule again in the Edit Claim
Rules window, choose Transform an Incoming Claim as the Claim
rule template, and click Next.
- Enter NameIDClearooms as the Claim
rule name, choose E-Mail Address as Incoming claim type,
Name ID as the Outgoing claim type, Email as the outgoing
name ID format, select Pass through all claim values, and click
- Make sure the rule Clearooms Attributes
is above the rule NameIDClearooms in the Edit Claim Rules
- In the AD FS Management window, right-click the Relying party for Clearooms
and choose Properties. Select the Advanced tab and choose SHA-256 as the
Secure hash algorithm.
- In the AD FS Management window, navigate to Services and then to
Certificates. Right-click the Token-signing certificate, choose
View certificate... and export it as a Base-64 encoded X.509 certificate.
You'll need to open the exported certificate in a text editor and copy/paste
its content into the Certificate data field in Clearooms, as detailed in Step 3.
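
To confirm that the relying party trust behaves as configured, the following added example (not Clearooms or Microsoft code) inspects a decoded SAML assertion for the three mapped claims, the Email-format Name ID and the SHA-256 signature method. It assumes the standard claim type URIs AD FS uses for these claims; the sample assertion and user are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
EXPECTED = {CLAIMS + n for n in ("givenname", "surname", "emailaddress")}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

def attribute(name, value):
    return (f'<saml:Attribute Name="{CLAIMS}{name}">'
            f'<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>')

def sample_assertion(name_id=True, sig_alg=RSA_SHA256):
    """Constructed assertion (placeholder user, no real signature value)."""
    subject = (f'<saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">'
               'alex@example.com</saml:NameID></saml:Subject>') if name_id else ""
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}">'
            f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_alg}"/>'
            f'</ds:SignedInfo></ds:Signature>{subject}<saml:AttributeStatement>'
            + attribute("givenname", "Alex") + attribute("surname", "Doe")
            + attribute("emailaddress", "alex@example.com")
            + '</saml:AttributeStatement></saml:Assertion>')

def check_assertion(xml_text):
    """Return a list of mismatches against the configuration above.
    Inspects structure only; it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
             for a in root.iterfind(".//saml:Attribute", NS)}
    for missing in sorted(EXPECTED - attrs.keys()):
        problems.append(f"missing claim: {missing}")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        # Likely cause: NameIDClearooms is ordered before Clearooms Attributes,
        # so no e-mail claim exists yet for the transform rule to consume.
        problems.append("no NameID: check rule order")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID format is not Email")
        if name_id.text != attrs.get(CLAIMS + "emailaddress"):
            problems.append("NameID differs from the emailaddress claim")
    method = root.find(".//ds:SignatureMethod", NS)
    if method is None or method.get("Algorithm") != RSA_SHA256:
        problems.append("assertion is not signed with RSA-SHA256")
    return problems

if __name__ == "__main__":
    print(check_assertion(sample_assertion()))
```

Run it only on assertions captured from your own test sign-in; an empty list means the assertion matches the claim rules and hash algorithm set in the steps above.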