ADFS Set up instructions

Step 2: Set up ADFS (Active Directory Federated Services) for Clearooms

  1. Open AD FS Management on your ADFS server.
  2. Right-click Relying party trusts and select Add relying party trust.
  3. Click Start on the welcome step.
  4. In the step Select data source, choose Enter data about the relying party manually and click Next.
  5. Enter a Display name e.g. Clearooms Login and click Next.
  6. In the step Choose profile, choose AD FS profile with SAML 2.0 and click Next.
  7. Click Next on the Configure certificate step without choosing any certificate.
  8. Select Enable support for the SAML 2.0 SSO Web SSO prototcol.
  9. Enter the Reply URL from Step 1 as the login URL and click Next.
  10. Enter Enter the Metadata URL from Step 1 as a Relying party trust identifier.
  11. Click Next until you reach the Finish step.
  12. Choose Open the Edit Claim Rules dialog for this relying party trust when the wizard closes and click Close. This will launch the Edit Claim Rules window.
  13. In the Edit Claim Rules window, click Add rule, choose Send LDAP Attributes as Claims as the Claim rule template and click Next.
  14. Enter Clearooms Attributes as Claim rule name and choose Active Directory as the Attribute store. Map the LDAP Attribute Given-Name to givenname, Surname to Surname, E-Mail Addresses to emailaddress and click Finish.
  15. Click Add rule again in the Edit Claim Rules window, choose Transform an Incoming Claim as the Claim rule template, and click Next.
  16. Enter NameIDClearooms as the Claim rule name, choose E-Mail Address as Incoming claim type, Name ID as the Outgoing claim type, Email as the outgoing name ID format, select Pass through all claim values, and click Finish.
  17. Make sure the rule Clearooms Attributes is above the rule NameIDClearooms in the Edit Claim Rules window.
  18. In the AD FS Management window, right-click on the Relying party for Clearooms and choose properties. Select the Advanced tab and choose SHA-256 as the Secure hash algorithm.
  19. In the AD FS Management window, navigate to Services and then to Certificates. Right click on the Token-signing certificate and choose View certificate... and export it as a Base-64 encoded X.509 certificate. You'll need to open the certificate in a text editor and copy/paste the content in the field Certificate data in Clearooms as detailed in Step 3.