
I followed the chapter 12.0 instructions about using Spring with ADFS as IdP from here: http://docs.spring.io/autorepo/docs/spring-security-saml/1.0.x-SNAPSHOT/reference/htmlsingle/#chapter-idp-guide

I can successfully log in to the application with the first ADFS, but I fail if I use an account from the other ADFS, which is configured as a claims provider of the first one.

I also found that someone seems to have found a solution, described in "Configuring ADFS 3.0 / SAML 2.0 to work with Spring Security for SSO integration".

But I can't get the details... Going back to the document, I only found: add NameID as "Claim rule name", choose "Active Directory" as Attribute store, choose "SAM-Account-Name" as LDAP Attribute and "Name ID" as "Outgoing claim type", finish the wizard and confirm the claim rules window; in ADFS 3.0 you might need to configure the Name ID as a Pass Through claim.

Can anyone provide details on how to configure the Name ID as a Pass Through claim for the Spring SAML extension?

Thanks in advance.


1 Answer


After some research, I eventually found a solution.

You need to define claim rules between the two ADFS servers. In the claims provider ADFS, configure a rule under Relying Party Trusts: add the rule "Send LDAP Attributes as Claims", choose "Active Directory" as the Attribute store, select "SAM-Account-Name" as the LDAP attribute, and choose "Given Name" as the Outgoing claim type.

In the resource party ADFS, configure a rule under Claims Provider Trusts: add the rule "Transform an Incoming Claim", choose "Given Name" as the Incoming claim type, "Name ID" as the Outgoing claim type, and "Unspecified" as the format. You also need to configure a rule under Relying Party Trusts: add the rule "Pass Through or Filter an Incoming Claim", choose "Name ID" as the Incoming claim type and "Unspecified" as the format.

After these claim rule settings, you can log in to the Spring SAML2 extension project with an account located in the trusted ADFS.

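The three claim rules the answer above describes, written out in ADFS claim rule language and applied with the ADFS PowerShell module, as an added example that is not part of the original answer. The trust display names "Resource ADFS", "Account ADFS" and "Spring SAML SP" are placeholders you would replace with your own; the claim type URIs and the rule templates are the ones the ADFS wizard itself emits for these rule types.

```powershell
# Added example, not from the original post. Run the first block on the
# claims provider (account) ADFS and the second on the resource ADFS.
# Display names of the trusts are assumptions; adjust them to your farm.

$givenName = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'
$nameId    = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
$winAcct   = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname'
$fmtProp   = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format'
$fmtUnspec = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'

# --- Claims provider ADFS: Relying Party Trust pointing at the resource ADFS ---
# "Send LDAP Attributes as Claims": sAMAccountName -> Given Name
$sendLdapRule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "sAMAccountName as Given Name"
c:[Type == "$winAcct", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$givenName"), query = ";sAMAccountName;{0}", param = c.Value);
"@

# Note: -IssuanceTransformRules REPLACES the whole rule set, so read the
# existing rules first and append rather than overwrite them.
$rpt = Get-AdfsRelyingPartyTrust -TargetName 'Resource ADFS'
Set-AdfsRelyingPartyTrust -TargetName 'Resource ADFS' `
    -IssuanceTransformRules ($rpt.IssuanceTransformRules + "`n" + $sendLdapRule)

# --- Resource ADFS: Claims Provider Trust for the account ADFS ---
# "Transform an Incoming Claim": Given Name -> Name ID (format Unspecified)
$transformRule = @"
@RuleTemplate = "MapClaims"
@RuleName = "Given Name to Name ID"
c:[Type == "$givenName"]
 => issue(Type = "$nameId", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["$fmtProp"] = "$fmtUnspec");
"@

$cpt = Get-AdfsClaimsProviderTrust -TargetName 'Account ADFS'
Set-AdfsClaimsProviderTrust -TargetName 'Account ADFS' `
    -AcceptanceTransformRules ($cpt.AcceptanceTransformRules + "`n" + $transformRule)

# --- Resource ADFS: Relying Party Trust for the Spring SAML SP ---
# "Pass Through or Filter an Incoming Claim": only Name ID with format Unspecified
$passThroughRule = @"
@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through Name ID"
c:[Type == "$nameId", Properties["$fmtProp"] == "$fmtUnspec"]
 => issue(claim = c);
"@

$sp = Get-AdfsRelyingPartyTrust -TargetName 'Spring SAML SP'
Set-AdfsRelyingPartyTrust -TargetName 'Spring SAML SP' `
    -IssuanceTransformRules ($sp.IssuanceTransformRules + "`n" + $passThroughRule)

# Verify what will actually be issued to the SP.
(Get-AdfsRelyingPartyTrust -TargetName 'Spring SAML SP').IssuanceTransformRules
```

Two things worth checking after applying this. First, the pass-through rule filters on the format property, so a Name ID with a different format (for example one issued as emailAddress by another claims provider) is dropped rather than forwarded; if you federate with more than one account ADFS, decide deliberately which formats the Spring SP should accept. Second, the pass-through rule on the SP trust forwards whatever Name ID the resource ADFS holds, so the value the application sees is ultimately asserted by the account ADFS; if that matters for authorization decisions, add an Issuer condition to the rule so only the trusted claims provider's Name ID is passed on.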