To set this up, you’ll need to provision a new “Relying Party Trust” in the “AD FS Management” tool on your Windows Server.
First, download and keep handy the request signing certificate for Stax.
This can be found here.
You'll also need your relying party trust identifier and callback URL as provided by the Stax team.
Once the tool is open, please:
- In the right sidebar, click “Add Relying Party Trust”
- Choose “Claims aware” and press “Start”.
- Select "Enter data about the relying party manually" and press "Next".
- Choose an appropriate name (e.g. “Stax Spotlight ADFS”) and press Next.
- Press “Next” without specifying an encryption certificate.
- Check "Enable support for the SAML 2.0 WebSSO protocol", enter the callback URL we've provided to you, and press "Next".
- Enter your relying party trust identifier, press “Add” and then “Next”.
- Choose what level of access you wish to allow, e.g. “Permit everyone” or just "Permit specific group", and press "Next".
- Click "Next", and ensure “Configure claims issuance policy” is checked before continuing.
- Click close.
- On the right side of the screen, click “Edit Claim Issuance Policy”
- Click “Add Rule”
- Ensure “Send LDAP Attributes as Claims” is selected and press "Next".
- Give the rule a name, select “Active Directory” as the attribute store, then set up the mappings like so:
  - Map LDAP “E-Mail-Addresses” to outgoing “E-Mail Address”
  - Map LDAP “Display-Name” to outgoing “Name”
  - Map LDAP “User-Principal-Name” to outgoing “Name ID”
  - Map LDAP “Given-Name” to outgoing “Given Name”
  - Map LDAP “Surname” to outgoing “Surname”
- Click “Finish”, "Apply", then "OK"
- Select your Relying Party Trust, and click “Properties” on the right side.
- Choose the “Signature” tab
- Click “Add”, and browse to the provided certificate for Stax.
- Hit "Add" and then "Apply".
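The same trust can be created from an elevated PowerShell session on the AD FS server instead of clicking through the wizard. The script below is an added example, not Stax's or Microsoft's own script; it uses the standard `ADFS` module cmdlets and assumes placeholder values for the identifier, callback URL and certificate path (replace them with the values the Stax team gave you). The attribute and claim-type URIs are the standard ones behind the wizard's friendly names (“E-Mail-Addresses” is `mail`, “Name ID” is `.../nameidentifier`, and so on).

```powershell
# Added example (not the page's or Stax's own code): build the Stax Relying Party
# Trust with the AD FS PowerShell module, matching the wizard steps above.
# Values in angle brackets are placeholders; the certificate path is an assumption.
Import-Module ADFS

$rpName      = 'Stax Spotlight ADFS'                        # display name chosen in the wizard
$identifier  = '<relying-party-trust-identifier-from-stax>' # "Identifiers" page
$callbackUrl = '<callback-url-from-stax>'                   # SAML 2.0 WebSSO callback URL
$certPath    = 'C:\Temp\stax-request-signing.cer'           # downloaded Stax signing cert (assumed path)

# The Stax request signing certificate (what the "Signature" tab holds).
$signingCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath

# SAML 2.0 WebSSO endpoint: assertions are POSTed to the Stax callback URL.
$acs = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer `
                            -Uri $callbackUrl -Index 0 -IsDefault $true

# "Send LDAP Attributes as Claims" rule with the five mappings from the steps above.
# The n-th LDAP attribute in "query" is issued as the n-th claim type in "types".
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Stax user attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"),
          query = ";mail,displayName,userPrincipalName,givenName,sn;{0}", param = c.Value);
'@

# Access level: this is the "Permit everyone" choice. On AD FS 2016 and later the
# equivalent is -AccessControlPolicyName 'Permit everyone'; to restrict access to a
# group instead, use an authorization rule keyed on the group's SID claim.
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name $rpName `
    -Identifier $identifier `
    -SamlEndpoint $acs `
    -RequestSigningCertificate $signingCert `
    -SignedSamlRequestsRequired $true `
    -IssuanceTransformRules $issuanceRules `
    -IssuanceAuthorizationRules $authzRules `
    -Notes 'SAML 2.0 WebSSO trust for Stax; created by script.'

# Verify the result before sending the metadata URL to Stax: the trust is enabled,
# the endpoint points at the callback URL, and the right certificate is attached.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
$rp | Select-Object Name, Identifier, Enabled, SignedSamlRequestsRequired
$rp.SamlEndpoints | Select-Object Protocol, Binding, Location
$rp.RequestSigningCertificate | Select-Object Subject, Thumbprint, NotAfter

# The Federation Metadata XML URL Stax asks for, built from your farm's hostname.
$fedHost = (Get-AdfsProperties).HostName
"https://$fedHost/FederationMetadata/2007-06/FederationMetadata.xml"
```

One point worth knowing that the wizard does not surface: attaching the Stax signing certificate on the "Signature" tab only tells AD FS which key to validate signed requests against; by default AD FS still accepts unsigned SAML requests for the trust. The `-SignedSamlRequestsRequired $true` switch above enforces the signature (the same setting is available through `Set-AdfsRelyingPartyTrust` for a trust created with the wizard). Only enable it once you have confirmed with Stax that their authentication requests are signed, otherwise sign-in will fail.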
Once that’s configured, you’ll need to send us your Federation Metadata XML URL, and we’ll configure it on our side and test with you.
If you wish to set up role-based access, please get in touch with support and we'll work with you to pass through custom claims and map them on our side.