Add LC as relying party on ADFS server


1.1 Add a trusted relying party

  • Go to ADFS 2.0 Management and click Add Relying Party Trust.
  • In the wizard, click Start.
  • Select the third option, Enter data about the relying party manually, and click Next.
  • Enter a display name (example: Learning Center) and click Next.
  • Select AD FS profile and click Next.
  • Select Enable support for the WS-Federation Passive protocol, type the WS-Federation Passive protocol URL in the format [External URL] + [/client/] + [Identifier], and click Next.
  • On the next screen, type the identifier “urn:nlctruewarp” and click Add.
  • Keep the default selection on the next screen.
  • On Choose Issuance Authorization Rules, select Permit all users to access this relying party and click Next.
  • Review the configuration, click Next to finish, and click Close.
  • Add another endpoint:
  • Right-click the Relying Party Trust and click Properties.
  • Go to the Endpoints tab.
  • Click the Add WS-Federation button and type: [External URL] + [/admin/] + [Identifier]
  • Click OK.

1.2 Adding Claim Rules

  • Right-click the created Relying Party Trust and click Edit Claim Rules.

LDAP Claims

  • In the Edit Claim Rules window, click Add Rule and choose the rule type Send LDAP Attributes as Claims.

Enter the claim rule name LDAP, select Active Directory as the attribute store, add the following mapping, and click Finish.


Active Directory Group (optional)

Add this if you want to use roles on the NLC course. In this example there are two groups: one for everyone (users and admins) and one for admins only.

For the users role:

  • Click Add Rule and choose the rule type Send Group Membership as a Claim.
  • Enter a claim rule name, e.g. TrueWarpIT(Users).
  • Click the Browse button.
  • Select a group and click OK.
  • For Outgoing claim type, enter: http://schemas.nlc.com/claims/2009/08/group
  • For Outgoing claim value, enter the group name for users, e.g. TWIUsers.
  • Click OK and Finish.

For the admins role:

  • Click Add Rule and choose the rule type Send Group Membership as a Claim.
  • Enter a claim rule name, e.g. TrueWarpIT(Admins).
  • Click the Browse button.
  • Select a group and click OK.
  • For Outgoing claim type, enter: http://schemas.nlc.com/claims/2009/08/group
  • For Outgoing claim value, enter the group name for admins, e.g. TWIAdmins.
  • Click OK and Finish.
  • Click Apply and OK.
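The trust and claim rules from 1.1 and 1.2 built with the AD FS 2.0 PowerShell snap-in instead of the wizard, as an added example that is not part of this guide. The external URL and the two group SIDs are placeholders, and the LDAP attribute rule is left to the wizard since its mapping is not reproduced here.

```powershell
# Added example, not from the original guide: builds the relying party trust and
# claim rules of sections 1.1 and 1.2 with the AD FS 2.0 PowerShell snap-in.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$externalUrl = "https://lc.example.com"     # placeholder for [External URL]
$identifier  = "urn:nlctruewarp"             # identifier from step 1.1
$groupClaim  = "http://schemas.nlc.com/claims/2009/08/group"
$usersSid    = "S-1-5-21-0-0-0-1001"         # placeholder: SID of the TWIUsers group
$adminsSid   = "S-1-5-21-0-0-0-1002"         # placeholder: SID of the TWIAdmins group

# Issuance authorization rule equivalent to "Permit all users to access this
# relying party". Every authenticated AD user receives a token, so access control
# inside the application rests entirely on the group claims issued below.
$authRules = @'
@RuleTemplate = "AllowAllAuthzRule"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Issuance transform rules as generated by "Send Group Membership as a Claim".
# Membership is matched on the group SID rather than its name: renaming the group
# keeps the rule working, a deleted and re-created group with the same name does not.
$transformRules = @"
@RuleTemplate = "EmitGroupClaims"
@RuleName = "TrueWarpIT(Users)"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$usersSid", Issuer == "AD AUTHORITY"]
 => issue(Type = "$groupClaim", Value = "TWIUsers", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ValueType = c.ValueType);

@RuleTemplate = "EmitGroupClaims"
@RuleName = "TrueWarpIT(Admins)"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$adminsSid", Issuer == "AD AUTHORITY"]
 => issue(Type = "$groupClaim", Value = "TWIAdmins", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ValueType = c.ValueType);
"@

# Create the trust with the /client/ WS-Federation endpoint from step 1.1.
# The second (/admin/) endpoint is added afterwards in the Endpoints tab, as in the guide.
Add-ADFSRelyingPartyTrust -Name "Learning Center" `
    -Identifier $identifier `
    -WSFedEndpoint "$externalUrl/client/$identifier" `
    -IssuanceAuthorizationRules $authRules `
    -IssuanceTransformRules $transformRules

# Check: read back what ADFS actually stored for the identifier, endpoint and rules.
Get-ADFSRelyingPartyTrust -Name "Learning Center" |
    Select-Object Name, Identifier, WSFedEndpoint, IssuanceAuthorizationRules, IssuanceTransformRules |
    Format-List
```

Get the real SIDs with Get-ADGroup (Active Directory module) before running this, and compare the read-back rules against the two group names the application expects.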

Setting Secure Algorithm

  • Right-click the relying party, click Properties, and go to the Advanced tab.