SAML: ADFS Configuration

This article applies to BHCE and BHE

This document provides instructions for creating an application within ADFS for compatibility with BloodHound Enterprise. For general instructions on adding a SAML provider to BloodHound Enterprise or for configuring users to utilize a SAML provider, see SAML in BloodHound Enterprise.

See SAML Order of Operations and Quick Reference before starting.

Create an Application

  1. In the AD FS management console, right-click “Relying Party Trusts” and click “Add Relying Party Trust…”.
  2. Choose “Claims aware” and click “Start”.
  3. Enter the SAML provider metadata URL (based on your chosen provider name) and click “Next”.
  4. Enter the preferred display name and click “Next”.
  5. Choose the desired Access Control Policy. (This policy only governs who AD FS will issue a token to; roles and permissions inside BloodHound Enterprise are configured in BloodHound Enterprise.)
  6. Review the information presented and click “Next”.
  7. Leave the “Configure claims issuance policy for this application” box checked and click “Close”.

Complete SAML Integration Configuration

  1. On the “Edit Claim Issuance Policy” dialog box, click “Add Rule…”.
  2. Choose “Send LDAP Attributes as Claims” and click “Next”.
  3. Fill out the following and click “Finish”.

    LDAP Attribute: E-Mail-Addresses
    Outgoing Claim Type: E-Mail Address

  4. Click “Add Rule” to add another claim rule.
  5. Choose “Transform an Incoming Claim” and click “Next”.
  6. Fill out the following and click “Finish”.

    Incoming claim type: E-Mail Address
    Outgoing claim type: Name ID
    Outgoing name ID format: Email
    Choose “Pass through all claim values”

  7. Click “Apply”.
  8. Download the federation metadata file published by your AD FS environment. By default it is hosted at https://YOURDOMAIN/federationmetadata/2007-06/federationmetadata.xml, where YOURDOMAIN is your AD FS service host name.
  9. Follow the instructions at SAML in BloodHound Enterprise to create the SAML provider in BloodHound Enterprise.
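The two wizard procedures above (creating the relying party trust and adding the two claim rules) can also be scripted with the AD FS PowerShell module, which is useful for reproducing the configuration in a second environment and for checking the result. The script below is an added example and is not part of the BloodHound documentation or the product; it assumes you run it in an elevated PowerShell session on the AD FS server, that the metadata URL and AD FS host name marked PLACEHOLDER are replaced with your own values, that the display name is "BloodHound Enterprise", and that the built-in "Permit everyone" access control policy is the one you chose in step 5. The two claim rules are the claim rule language that the "Send LDAP Attributes as Claims" and "Transform an Incoming Claim" templates generate for the values listed in the procedure; the rule names are assumptions. The final part fetches the federation metadata from step 8 and prints the token-signing certificate thumbprint so you can compare it with what AD FS reports locally before importing the file into BloodHound Enterprise.

```powershell
# Added example (not from the BloodHound documentation): scripted equivalent of the
# "Create an Application" and "Complete SAML Integration Configuration" procedures.
Import-Module ADFS

# PLACEHOLDER: the metadata URL BloodHound Enterprise shows for your chosen provider name.
$BhMetadataUrl = 'https://PLACEHOLDER/metadata.xml'
$DisplayName   = 'BloodHound Enterprise'      # step 4 of "Create an Application" (assumed)
$AdfsHost      = 'adfs.example.com'           # PLACEHOLDER: "YOURDOMAIN" in step 8

# Claim rule 1: "Send LDAP Attributes as Claims", E-Mail-Addresses -> E-Mail Address.
$EmailRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "BloodHound - Email"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);
'@

# Claim rule 2: "Transform an Incoming Claim", E-Mail Address -> Name ID (format Email),
# passing all claim values through.
$NameIdRule = @'
@RuleTemplate = "MapClaims"
@RuleName = "BloodHound - Email to NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# AD FS stores issuance transform rules as one string, rules separated by newlines.
$Rules = $EmailRule + "`n" + $NameIdRule

# Steps 1-7: claims-aware trust built from the BloodHound metadata URL, with the
# access control policy from step 5; if the trust already exists, only refresh the rules.
if (-not (Get-AdfsRelyingPartyTrust -Name $DisplayName)) {
    Add-AdfsRelyingPartyTrust -Name $DisplayName -MetadataUrl $BhMetadataUrl `
        -AccessControlPolicyName 'Permit everyone' `
        -IssuanceTransformRules $Rules
} else {
    Set-AdfsRelyingPartyTrust -TargetName $DisplayName -IssuanceTransformRules $Rules
}

# Check 1: the trust exists and carries both rules.
Get-AdfsRelyingPartyTrust -Name $DisplayName |
    Select-Object Name, Identifier, AccessControlPolicyName, IssuanceTransformRules

# Check 2 (step 8): fetch the published federation metadata and extract the IdP
# entityID and token-signing certificate(s) it advertises.
$MetadataUrl = "https://$AdfsHost/federationmetadata/2007-06/federationmetadata.xml"
[xml]$md = (Invoke-WebRequest -Uri $MetadataUrl -UseBasicParsing).Content
$ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
"entityID: " + $md.DocumentElement.GetAttribute('entityID')

$signingCerts = $md.SelectNodes(
    "//md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", $ns)
foreach ($node in $signingCerts) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
        , [Convert]::FromBase64String($node.InnerText.Trim()))
    "published signing cert: $($cert.Subject) thumbprint=$($cert.Thumbprint) expires=$($cert.NotAfter)"
}

# Check 3: the thumbprint above should match the primary token-signing certificate
# AD FS reports locally; a mismatch means you are reading stale or wrong metadata.
Get-AdfsCertificate -CertificateType Token-Signing | Select-Object Thumbprint, IsPrimary
```

The metadata check matters because BloodHound Enterprise will trust whichever signing certificate is in the file you upload in step 9; confirming the published thumbprint against `Get-AdfsCertificate` before uploading avoids importing metadata from the wrong farm or from before a certificate rollover.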
