A little help on how to configure using ADFS 2.0
andacu opened this issue · 1 comments
Hi
I'm trying to integrate SSO for my Symfony 2 application. Our app should act as Service Provider and the authentication should be handled from our Active Directory ADFS server.
I already installed the latest bundle "lightsaml/sp-bundle":"^1.1" and configured the required classes as per the instructions.
So far the application is already redirecting to the /saml/login and /saml/discovery and the page displays all the available IDPs.
But I'm just confused on how/what to set the configuration based on the information that was given to me from our IDP. BTW our IDP I think is ADFS 2.0.
Our IDP provided the following:
- Federation Metadata xml - which I downloaded and path it in the idp party config as follows:

      party:
          idp:
              files:
                  - "%kernel.root_dir%/../src/AppBundle/Security/LightSAML/federationmetadata.xml"

- Token signing certificate - where should I set/use this in the config?
-----BEGIN CERTIFICATE-----
MIIDADCCAeigAwIBAgIQBLAHBLAHBLAH...
-----END CERTIFICATE-----
- Entity ID URI - where should I set this in the config?
  http://fs2.federation.net/adfs/services/trust
- Login URL (For System Configuration)
  https://fs2.federation.net/adfs/ls/idpinitiatedsignon.aspx
- Login URL (Clickable, can be used for user login)
  https://fs2.federation.net/adfs/ls/idpinitiatedsignon.aspx?logintorp=<YOUR-URN>
- Logout URL
  https://fs2.federation.net/adfs/ls/?wa=wsignout1.0
Now, they are also asking us to provide the following information:
- What federation protocol do you support? I choose "SAML 2.0" against "WS-Federation".
- Please list relying party Identifiers. This may include a URN, URL or both.
  What should I provide to them? Our application base URL?
- Please list any Claims (assertion attributes) which you will require from us.
For example Email Address sent as NameIDAttribute | Set as
Thank You