ADFS SAML Authentication Connector

The ADFS SAML Authentication Connector allows mobile apps to authenticate against an existing enterprise Active Directory. This is important when an enterprise wants to use single sign-on (SSO) for all of its applications. Active Directory can be hosted on Linux or Windows servers.

To add an ADFS SAML Authentication Connector to your app, follow these steps:

  • Go to the Connections sub-menu
  • Click the Add New button
  • Click the ADFS SAML Authentication Connector button
  • Fill in the required fields:

| Settings | Required | Description |
|---|---|---|
| Connector Name | Yes | User-defined connection name. |
| ADFS Endpoint URL | Yes | The Federation Service endpoint Uniform Resource Locator (URL) is the single location, or "public URL," that is used to contact all federation servers in a server farm. |
| Relying Party Trust Identifier | Yes | This identifier is used to identify the relying party to this Federation Service. It is used when issuing claims to the relying party. |
| ADFS Endpoint Type | No | ADFS endpoint type. Options are: WS-Trust 2005, WS-Federation Passive / SAML Web SSO, Federation Metadata, SAML Artifact resolution, WS-Trust WSDL. Default: WS-Trust 1.3. |
| Signing certificate from | No | Base64-encoded certificate for validating signed SAML responses. |
| Token Encryption Private Key | No | Base64-encoded private key required for decrypting the SAML assertions, if applicable. |
| Enable signature verification | No | If true, the signature in the SAML assertion is verified to guard against man-in-the-middle (MIM) attacks. Default: true. |
| Extra Claims To Include | No | Comma-separated list of claims to include in addition to the default claims required by the connector. |
| Include All Claims | No | If true, all claims (other than the required claims) are included. Ignores the `Extra Claims To Include` parameter. Default: true. |
| User principal name claim identifier | No | Provide if not using the default (i.e. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn). |
| Name claim identifier | No | Provide if not using the default (i.e. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name). |
| Email Address claim identifier | No | Provide if not using the default (i.e. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress). |
| Given Name claim identifier | No | Provide if not using the default (i.e. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname). |
| Middle name claim identifier | No | Provide if not using the default (i.e. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/middlename). |
| Surname claim identifier | No | Provide if not using the default (i.e. http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname). |
| Group claim identifier | No | Provide if not using the default (i.e. http://schemas.xmlsoap.org/claims/Group). |
| Role claim identifier | No | Provide if not using the default (i.e. http://schemas.microsoft.com/ws/2008/06/identity/claims/role). |

  • Test the connection
  • Save the connection

The ADFS SAML Authentication Connector has been successfully added to your app.
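The settings table has two Base64 fields, the signing certificate and the token encryption private key, and pasting a value into the wrong one is an easy mistake. The following added example (not part of the connector or its documentation) does a structural check on a pasted value before it is saved and returns a SHA-1 thumbprint of the DER bytes, the form in which Windows and ADFS display certificate thumbprints, so it can be compared with the token-signing certificate on the ADFS server. The names `classify_field`, `CERT_SHAPED` and `KEY_SHAPED` are hypothetical, the sample values are constructed, and the check looks only at the outer DER shape, not at the full X.509 contents.

```python
import base64
import binascii
import hashlib


def _der_header(buf):
    """Return (tag, content_offset, content_length) for the DER element at buf[0]."""
    tag, first = buf[0], buf[1]
    if first < 0x80:  # short-form length
        return tag, 2, first
    n = first & 0x7F  # long form: the next n bytes hold the length
    if n == 0 or n > 4 or len(buf) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return tag, 2 + n, int.from_bytes(buf[2:2 + n], "big")


def classify_field(value):
    """Classify a pasted Base64 value; returns (kind, SHA-1 thumbprint or None)."""
    # Drop PEM armor lines and line breaks, which are easy to paste by accident.
    body = "".join(ln.strip() for ln in value.splitlines() if not ln.strip().startswith("-----"))
    inner_tag = None
    try:
        der = base64.b64decode(body, validate=True)
        tag, off, length = _der_header(der)
        if tag != 0x30 or off + length != len(der):
            return "invalid", None
        first_tag = der[off]  # first element inside the outer SEQUENCE
        if first_tag == 0x30:  # look one level deeper
            _, off2, _ = _der_header(der[off:])
            inner_tag = der[off + off2]
    except (binascii.Error, ValueError, IndexError):
        return "invalid", None
    if first_tag == 0x02:  # PKCS#1, PKCS#8 and SEC1 keys open with INTEGER version
        return "private-key", None
    if inner_tag in (0xA0, 0x02):  # tbsCertificate: [0] version (v3) or serial (v1)
        return "certificate", hashlib.sha1(der).hexdigest().upper()
    return "invalid", None


def _seq(content):
    """Wrap bytes in a DER SEQUENCE; used only to build the constructed samples."""
    return b"\x30\x82" + len(content).to_bytes(2, "big") + content


# Constructed stand-ins with the right outer shape; not real certificates or keys.
CERT_SHAPED = base64.b64encode(_seq(_seq(b"\xa0\x03\x02\x01\x02" + bytes(300)))).decode()
KEY_SHAPED = base64.b64encode(_seq(b"\x02\x01\x00" + bytes(300))).decode()

if __name__ == "__main__":
    print(classify_field(CERT_SHAPED), classify_field(KEY_SHAPED))
```

A result of `private-key` for the value intended for the signing certificate field means key material was pasted where a public certificate belongs.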