Active Directory Federation Services Configuration
Perform the following steps to configure SafeNet IDPV in ADFS:
Adding the IDPV Server Application
Perform the following steps to add an IDPV Server application in Active Directory Federation Services (ADFS):
1. Log in to the ADFS admin console.
2. Right-click Application Groups and select Add Application Group.
3. In the Add Application Group wizard, perform the following steps:
   a. On the Welcome page, perform the following steps:
      i. In the Name field, enter a name for the application group.
      ii. Under Template > Standalone application, select Server Application.
      iii. Click Next.
   b. On the Server application Properties page, perform the following steps:
      i. From the Client id field, copy the client identifier. You will need the client identifier while configuring the Web API.
      ii. In the Redirect URI field, enter a valid redirect URL to which a user will be redirected after successful authentication.
      iii. Click Next.
   c. On the Configure Application Credentials page, perform the following steps:
      i. Select the Generate a Shared Secret checkbox, and click Copy to Clipboard to copy the shared secret.
      ii. Click Next.
   d. On the Summary page, click Next.
   e. On the Complete page, click Close.
Adding Web APIs
Perform the following steps to add Web APIs:
1. On the ADFS admin console, right-click the application group (for example, IDPV), and select Properties.
2. On the IDPV Properties window, click Add application.
3. In the Add a new application to IDPV wizard, perform the following steps:
   a. On the Welcome page, under Template, select Web API, and click Next.
   b. On the Configure Web API page, perform the following steps:
      i. In the Identifier field, enter the client identifier that you copied earlier in step 3(b)(i) of Adding the IDPV Server Application, and click Add.
      ii. Click Next.
   c. On the Apply Access Control Policy page, select a policy as per your preferred configuration, and click Next.
   d. On the Configure Application Permissions page, under Permitted scopes, select the allatclaims and openid scopes, and click Next.
   e. On the Summary page, click Next.
   f. On the Complete page, click Close.
Mapping Claims for SafeNet IDPrime Virtual
You need to add claim transform rules for SafeNet IDPV. Perform the following steps:
1. On the AD FS admin console, right-click the application group (for example, IDPV), and click Properties.
2. On the IDPV Properties window, under Applications > Web API, select IDPV - Web API, and click Edit.
3. On the IDPV - Web API Properties window, go to the Issuance Transform Rules tab, and click Add Rule.
4. In the Add Transform Claim Rule Wizard, perform the following steps:
   a. On the Choose Rule Type page, under Claim rule template, select Send LDAP Attributes as Claims, and click Next.
   b. On the Configure Claim Rule page, perform the following steps:
      i. In the Claim rule name field, enter a name for the claim rule.
      ii. In the Attribute store field, select Active Directory.
      iii. Under Mapping of LDAP attributes to outgoing claim types, map the LDAP attributes to the Outgoing claim types as shown in the screenshot below.
      The Token-Groups - Qualified by Domain claim name provides groups in the following format, so the Idp-configuration.json file needs to be modified according to the resulting group format.
      The Token-Groups - Unqualified Names claim name provides groups in the following format.
5. Click Apply.
6. Click OK.
7. Click Finish.
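The same three procedures (server application, Web API with the allatclaims and openid scopes, and a Send LDAP Attributes as Claims issuance rule) can be scripted with the AD FS PowerShell module; this is an added example, not part of the SafeNet documentation. The group name, redirect URI, and the claim mapping (Token-Groups - Qualified by Domain to a Group claim, plus UPN) are assumptions, since the original screenshot with the product's mapping is not reproduced here.

```powershell
# Added example: ADFS configuration for IDPV via the AD FS cmdlets (run on an AD FS server).
# ASSUMPTIONS: "IDPV" as the group name, the redirect URI, and the LDAP-to-claim mapping
# are placeholders; take the real mapping from the product guide's screenshot.
Import-Module ADFS

$groupName   = "IDPV"
$redirectUri = "https://idpv.example.com/callback"   # placeholder; use the IDPV redirect URL

# Adding the IDPV Server Application: application group + server application.
New-AdfsApplicationGroup -Name $groupName -ApplicationGroupIdentifier $groupName

$clientId  = [guid]::NewGuid().ToString()            # the "Client id" shown by the wizard
$serverApp = Add-AdfsServerApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - Server application" -Identifier $clientId `
    -RedirectUri $redirectUri -GenerateClientSecret
# The shared secret is returned once; hand it to a vault, never leave it in a script or log.
$clientSecret = $serverApp.ClientSecret

# Adding Web APIs: same identifier as the server application, plus an access control policy.
Add-AdfsWebApiApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - Web API" -Identifier $clientId `
    -AccessControlPolicyName "Permit everyone"          # pick the policy your deployment requires

# Permitted scopes from the Configure Application Permissions page.
Grant-AdfsApplicationPermission -ClientRoleIdentifier $clientId `
    -ServerRoleIdentifier $clientId -ScopeNames "allatclaims", "openid"

# Mapping Claims: issuance transform rule equivalent to "Send LDAP Attributes as Claims".
# tokenGroups(domainQualifiedName) is "Token-Groups - Qualified by Domain"; plain
# tokenGroups is "Token-Groups - Unqualified Names". Idp-configuration.json must match
# whichever group format the chosen attribute emits.
$rule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "IDPV claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/claims/Group"), query = ";userPrincipalName,tokenGroups(domainQualifiedName);{0}", param = c.Value);
'@
Set-AdfsWebApiApplication -TargetIdentifier $clientId -IssuanceTransformRules $rule

# Check the result: identifier, policy and rules should match what the wizard would show.
Get-AdfsWebApiApplication -Identifier $clientId |
    Select-Object Name, Identifier, AccessControlPolicyName, IssuanceTransformRules
```

Re-running the script fails on the existing group and application names, so clean up with Remove-AdfsApplicationGroup before retrying in a lab.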