You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Configuring EmpowerID as an Identity Provider for ADFS

  1. In EmpowerID, create a new WS-Federation Connection, for example, Adfs.
  2. The Reply To Address should point to your ADFS WS-Federation Passive Protocol URL, for example, https://empowersso.com/adfs/ls/.
  3. In the ADFS-Like Token Details, select Is ADFS Token? and specify the full URL of the current WS-Federation Connection endpoint (the one you are creating now) as the Issuer, for example, https://sso.empowersso.com/WebIdPWsFederation/Login/Adfs.




  4. Populate the rest of the WS-Federation Connection form, select a Signing Certificate, and click Save to create the Adfs WS-Federation Connection.

    Please note that in some instances of ADFS, the Trust Identifier URI may be your ADFS WS-Federation Passive Protocol URL, for example, https://empowersso.com/adfs/ls, instead of https://empowersso.com/adfs/services/trust.




  5. Recycle IIS and proceed to the next steps in ADFS.
  6. In ADFS, right-click on the Claims Provider Trusts node and from the context menu, select Add Claims Provider Trust.



  7. In the Add Claims Provider Trust Wizard that appears, click Start, select Enter claims provider trust data manually and then click Next to continue.



  8. Enter a display name for the EmpowerID trust relationship, such as EmpowerID IDP, and click Next to continue.



  9. Under Configure URL, in the Claims provider WS-Federation Passive URL field, enter the URL of the EmpowerID WS-Federation Passive endpoint, such as https://sso.empowersso.com/WebIdPWsFederation/Login/Adfs, and then click Next to continue.



  10. Leave the Claims provider trust identifier field unchanged (or, if it is empty, specify the EmpowerID WS-Federation Passive endpoint, such as https://sso.empowersso.com/WebIdPWsFederation/Login/Adfs), and click Next to continue.



  11. Export the Public Key of the Certificate associated with the ADFS WS-Federation Connection created in EmpowerID and import the certificate into ADFS using the Add button.



  12. Browse for the certificate and then click Next through the wizard to complete the setup.



  13. In the Edit Claim Rules window that appears, click Add Rule to add rules to pass through or transform claims.
  14. To pass through all claims, select Custom Rule and in the custom rule text box, add the following rule: c:[] => issue(claim=c); This rule forwards all claims received from EmpowerID to ADFS Relying Parties.


  15. Click Finish.

    You may create claim rules to transform EmpowerID claims to those appropriate to ADFS Relying Parties as necessary.
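
The ADFS side of this procedure (steps 6 to 15) can also be scripted with the ADFS PowerShell module. The following is an added example, not part of the original guide or EmpowerID's own tooling; the certificate path, the thumbprint placeholder and the two claim types in the narrower rule set are assumptions to replace with your own values.

```powershell
# Added example: run in an elevated session on the primary ADFS server.
$name     = 'EmpowerID IDP'
$endpoint = 'https://sso.empowersso.com/WebIdPWsFederation/Login/Adfs'
$cerPath  = 'C:\Temp\empowerid-signing.cer'   # assumed export location (step 11)
$expected = '<THUMBPRINT-FROM-EMPOWERID>'     # placeholder, obtain out of band

# Load the public key exported from the EmpowerID WS-Federation Connection.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath

# Only trust the certificate selected as Signing Certificate in step 4,
# and only while it is inside its validity period.
if ($cert.Thumbprint -ne ($expected -replace '\s', '')) {
    throw "Thumbprint mismatch: $($cert.Thumbprint)"
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate not valid now ($($cert.NotBefore) to $($cert.NotAfter))"
}
if ($cert.HasPrivateKey) { throw 'Import the public key (.cer) only.' }

# Step 14 rule from the guide: forwards every claim EmpowerID sends.
$passAll = 'c:[] => issue(claim=c);'

# Narrower alternative: forward only named claim types (types are assumptions).
$passSelected = @'
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(claim = c);
'@
$rules = $passSelected   # use $passAll to reproduce step 14 exactly

# The identifier must equal the Issuer configured in EmpowerID in step 3.
Add-AdfsClaimsProviderTrust -Name $name -Identifier $endpoint `
    -WSFedEndpoint $endpoint -TokenSigningCertificate $cert `
    -AcceptanceTransformRules $rules

# Read the trust back to confirm what ADFS stored.
Get-AdfsClaimsProviderTrust -Name $name |
    Select-Object Name, Identifier, WSFedEndpoint, AcceptanceTransformRules,
        @{ n = 'SigningThumbprints'; e = { $_.TokenSigningCertificates.Thumbprint } }
```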