This document provides instructions for creating an application within ADFS for compatibility with BloodHound Enterprise. For general instructions on adding a SAML provider to BloodHound Enterprise or for configuring users to utilize a SAML provider, see SAML in BloodHound Enterprise.
See SAML Order of Operations and Quick Reference before starting.
Create an Application
- In the AD FS management console, right-click on “Relying Party Trusts” and click “Add Relying Party Trust”.
- Choose “Claims aware” and click “Start”.
- Enter the BloodHound Enterprise metadata URL (it is based on the name you chose) and click “Next”.
- Enter the preferred display name and click “Next.”
- Choose the desired Access Control Policy. (Note that access and permissions are configured within BloodHound Enterprise).
- Review the information presented and click “Next”.
- Leave the “Configure claims issuance policy for this application” box checked and click “Close”.
Complete SAML Integration Configuration
- On the “Edit Claim Issuance Policy” dialog box, click “Add Rule…”.
- Choose “Send LDAP Attributes as Claims” and click “Next”.
- Fill out the following and click “Finish”.
LDAP Attribute: E-Mail-Addresses
Outgoing Claim Type: E-Mail Address
- Click “Add Rule” to add another claim rule.
- Choose “Transform an Incoming Claim” and click “Next”.
- Fill out the following and click “Finish”.
Incoming claim type: E-Mail Address
Outgoing claim type: Name ID
Outgoing name ID format: Email
Choose “Pass through all claim values”.
- Click “Apply”.
- Download the metadata file provided by your ADFS environment. By default, this is hosted at: https://YOURDOMAIN/federationmetadata/2007-06/federationmetadata.xml
- Follow the instructions at SAML in BloodHound Enterprise to create the SAML provider in BloodHound Enterprise.