Create a Relying Party Trust

After creating a SAML app, create a relying party trust for it in the Active Directory Federation Services (AD FS) Management console. The trust tells AD FS which service provider (SP) it may issue assertions to, and the claim rule added at the end of this procedure decides which Active Directory attribute becomes the user's Name ID.

Procedure

  1. In the AD FS Management console, from the left navigation pane, navigate to AD FS > Trust Relationships.

  2. Right-click Relying Party Trusts, and then click Add Relying Party Trust.

    The Welcome page of the Add Relying Party Trust Wizard window appears.

  3. Click Start.

  4. On the Select Data Source page, click Import data about the relying party from a file.

  5. In the Federation metadata file location box, browse to the location of the SP metadata that you placed on the AD FS machine.

  6. Click Next.

  7. Continue to go through the wizard, referring to Microsoft documentation to configure additional features such as multi-factor authentication and issuance authorization rules.

  8. After you complete the wizard, click Close.

    The Edit Claim Rules dialog box appears.

  9. On the Issuance Transform Rules tab, click Add Rule.

    The Select Rule Template page of the Add Transform Claim Rule Wizard window appears.

  10. From the Claim rule template list, click Send LDAP Attributes as Claims.

  11. Click Next.

    The Configure Rule page appears.

  12. In the Claim rule name box, enter a name for the rule.

  13. From the Attribute store list, click Active Directory.

  14. In the Mapping of LDAP attributes to outgoing claim types table, add the LDAP attribute and the outgoing claim type:

    1. From the LDAP Attribute list, select E-Mail-Addresses.

    2. From the Outgoing Claim Type list, select Name ID.

      Note: For Active Directory users who log in using SAML, the user name is extracted from the Active Directory configured in the Commvault software, so this single E-Mail-Addresses to Name ID rule is sufficient. Because the Name ID is taken from the user's mail attribute, that attribute must be populated and unique for every user who is expected to log in.

      After the user is authenticated at the IdP, AD FS sends the user details in the following format. The SubjectConfirmationData binds the bearer assertion to the request it answers (InResponseTo), the Commvault ACS URL it may be delivered to (Recipient), and its expiry time (NotOnOrAfter):

      <Subject>
        <NameID>jdoe@commvault.com</NameID>
        <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
          <SubjectConfirmationData
            InResponseTo="cv_2b7095fd-d3c4-4335-a5be-889269e6ac85"
            NotOnOrAfter="2020-06-25T06:27:12.549Z"
            Recipient="https://johndoe.idcprodcert.loc:443/webconsole/samlAcsIdpInitCallback.do?samlAppKey=MzVENDBGQzUwRUUyNEU2" />
        </SubjectConfirmation>
      </Subject>

  15. Click Finish, and then click OK.
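The same relying party trust and claim rule, built with the AD FS PowerShell module instead of the wizard, as an added example that is not part of the original page or of Commvault's documentation. The display name, the metadata file path and the permit-all issuance authorization rule are assumptions; the claim rule text is the rule language that the Send LDAP Attributes as Claims template generates for an E-Mail-Addresses to Name ID mapping.

```powershell
# Added example (not from the Commvault page): create the relying party trust
# from the SP metadata file and attach the claim rules, then verify the result.
# Assumptions: the SP metadata was copied to C:\Temp\sp-metadata.xml and the
# display name "Commvault Web Console" is arbitrary.
Import-Module ADFS

$trustName    = 'Commvault Web Console'    # assumed display name
$metadataFile = 'C:\Temp\sp-metadata.xml'  # assumed path of the SP metadata

# Issuance transform rule: LDAP attribute "mail" (shown as E-Mail-Addresses in
# the wizard) becomes the Name ID claim. This is the rule the template writes.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Email as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail;{0}", param = c.Value);
'@

# Issuance authorization rule: without one AD FS denies every user. "Permit all"
# matches the wizard default; in production restrict this to a group claim
# so that only the intended users can reach the Commvault web console.
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name $trustName -MetadataFile $metadataFile `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules

# Verify: the trust identifier came from the metadata, and the assertion
# consumer endpoint (the Recipient that later appears in SubjectConfirmationData)
# is the Commvault ACS URL and nothing else.
$rpt = Get-AdfsRelyingPartyTrust -Name $trustName
$rpt | Select-Object Name, Identifier, SignatureAlgorithm, EncryptClaims
$rpt.SamlEndpoints |
    Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' } |
    Select-Object Binding, Location, Index
```

Run this in an elevated PowerShell session on the AD FS server. If the trust already exists, use Set-AdfsRelyingPartyTrust -TargetName with the same -IssuanceTransformRules and -IssuanceAuthorizationRules parameters instead of Add-AdfsRelyingPartyTrust. The final Select-Object lists every ACS endpoint AD FS will send assertions to; an unexpected extra Location there means the metadata file was not the one exported from the SAML app.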