
A relying party application is a web application that relies on an ADFS server to authenticate a user's identity. In other words, it relies on the ADFS server's claims for authentication. For an ADFS server to support a web application, you need to add the web application as a Relying Party Application in the Relying Party Trust. Of course, the prerequisite is that the web application is a claims-aware application. How to make a web application claims-aware is beyond the scope of this document.

Open the ADFS Management console, right-click "Relying Party Trusts", then choose "Add Relying Party Trust."

Click Start on the first screen, then you'll see the "Welcome" screen.

The "Welcome" step is where we'll specify the location of the federation metadata document. You can either provide the URL to the Relying Party's federation metadata document or import data about the relying party.

Please note that if the certificate you used in the app isn't trusted by the ADFS server and you use the "Import data about the relying party published online or on a local network" option, the import will fail. So, you must either trust the self-signed SSL cert on the ADFS server or use the "Import data about the relying party from a file" option.

Notice that we had to use the UNC path to the file, instead of the URL. If the federation metadata isn't published or available, this is also a valid way to configure the relying party trust.

Now, click Next.

On the following screen, enter a descriptive name for the application, as well as any notes on why this particular relying party trust exists (process owner, app owner, related processes, etc.).

Click Next.

On the "Choose Issuance Authorization Rules" screen, make sure "Permit all users to access the relying party" is selected. If you don't want users to have access, you can deny all by default, then go back and add "Allow" rules afterwards.

On the "Ready to Add Trust" screen, review the settings and click Next.

Finally, click Close. Congratulations, you've configured the relying party trust!
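
The same procedure can be scripted with the ADFS PowerShell cmdlets, which also makes it easy to review what the metadata file contains before trusting it. This is an added example, not part of the original page; the UNC path, display name and notes are placeholders you must replace.

```powershell
# Added example. The three values below are placeholders (assumptions).
$MetadataFile = '\\fileserver\share\FederationMetadata.xml'   # hypothetical UNC path
$Name         = 'Example Claims-Aware App'                     # hypothetical display name
$Notes        = 'App owner: <owner>; process owner: <owner>'   # placeholder notes

# 1. Parse the federation metadata and show what is about to be trusted.
[xml]$md = Get-Content -LiteralPath $MetadataFile -Raw
$ns = @{
    md = 'urn:oasis:names:tc:SAML:2.0:metadata'
    ds = 'http://www.w3.org/2000/09/xmldsig#'
}
$entity = (Select-Xml -Xml $md -XPath '/md:EntityDescriptor' -Namespace $ns).Node
if (-not $entity) { throw "No EntityDescriptor found in $MetadataFile" }
Write-Host "Entity ID: $($entity.entityID)"

# Certificates embedded in the metadata: review subject, thumbprint and expiry.
Select-Xml -Xml $md -XPath '//ds:X509Certificate' -Namespace $ns | ForEach-Object {
    $bytes = [Convert]::FromBase64String($_.Node.InnerText)
    $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Expired    = $cert.NotAfter -lt (Get-Date)
    }
} | Sort-Object Thumbprint -Unique | Format-Table -AutoSize | Out-Host

# Endpoints that are not HTTPS deserve a second look before continuing.
Select-Xml -Xml $md -XPath '//@Location' | ForEach-Object { $_.Node.Value } |
    Where-Object { $_ -notmatch '^https://' } |
    ForEach-Object { Write-Warning "Non-HTTPS endpoint in metadata: $_" }

# 2. Claim rule equivalent to "Permit all users to access the relying party".
$permitAll = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# 3. Create the trust from the file, then read it back to confirm the result.
Add-AdfsRelyingPartyTrust -Name $Name -MetadataFile $MetadataFile -Notes $Notes `
    -IssuanceAuthorizationRules $permitAll
Get-AdfsRelyingPartyTrust -Name $Name |
    Select-Object Name, Identifier, Enabled, IssuanceAuthorizationRules | Format-List
```

Run it in an elevated PowerShell session on the ADFS server. To deny by default instead, omit the permit rule and add specific "Allow" rules later with `Set-AdfsRelyingPartyTrust`.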