openstack-ansible/doc/source/install-guide/configure-federation-idp-adfs.rst

Home OpenStack-Ansible Installation Guide

Configuring ADFS 3.0 as an identity provider

To install Active Directory Federation Services (ADFS):

• Prerequisites for ADFS from Microsoft Technet
• ADFS installation procedure from Microsoft Technet

Configuring ADFS

1. Ensure the ADFS Server trusts the service provider's (SP) keystone certificate. We recommend to have the ADFS CA (or a public CA) sign a certificate request for the keystone service.

2. In the ADFS Management Console, choose Add Relying Party Trust.

3. Select Import data about the relying party published online or on a local network and enter the URL for the SP Metadata ( for example, https://<SP_IP_ADDRESS or DNS_NAME>:5000/Shibboleth.sso/Metadata)

   Note

   ADFS may give a warning message. The message states that ADFS skipped some of the content gathered from metadata because it is not supported by ADFS

4. Continuing the wizard, select Permit all users to access this relying party.

5. In the Add Transform Claim Rule Wizard, select Pass Through or Filter an Incoming Claim.

6. Name the rule (for example, Pass Through UPN) and select the UPN Incoming claim type.

7. Click OK to apply the rule and finalize the setup.

References

• http://blogs.technet.com/b/rmilne/archive/2014/04/28/how-to-install-adfs-2012-r2-for-office-365.aspx
• http://blog.kloud.com.au/2013/08/14/powershell-deployment-of-web-application-proxy-and-adfs-in-under-10-minutes/
• https://ethernuno.wordpress.com/2014/04/20/install-adds-on-windows-server-2012-r2-with-powershell/

---