Configuring EmpowerID as an Identity Provider for ADFS
Procedure
In EmpowerID, create a new WS-Federation Connection, for example Adfs.
The Reply To Address should point to your ADFS WS-Federation Passive Protocol URL, for example https://empowersso.com/adfs/ls/.
In the ADFS-Like Token Details, select Is ADFS Token? and specify the full URL to the current WS-Federation Connection endpoint (the one you’re creating now) as the Issuer, for example https://sso.empowersso.com/WebIdPWsFederation/Login/Adfs.
Populate the rest of the WS-Federation Connection form, including selecting a Signing Certificate, and click Save to create the Adfs WS-Federation Connection.
Recycle IIS and proceed to the next steps in ADFS.
In ADFS, right-click on the Claims Provider Trusts node and select Add Claims Provider Trust from the context menu.
In the Add Claims Provider Trust Wizard that appears, click Start, select Enter claims provider trust data manually and then click Next to continue.
Enter a display name for the EmpowerID trust relationship, such as EmpowerID IDP, and click Next to continue.
Under Configure URL, in the Claims provider WS-Federation Passive URL field, enter the URL of the EmpowerID WS-Federation Passive endpoint, such as https://sso.empowersso.com/WebIdPWsFederation/Login/Adfs, and then click Next to continue.
Leave the Claims provider trust identifier field unchanged (or, if it is empty, specify the EmpowerID WS-Federation Passive endpoint, such as https://sso.empowersso.com/WebIdPWsFederation/Login/Adfs) and click Next to continue.
Export the Public Key of the Certificate associated with the ADFS WS-Federation Connection created in EmpowerID and import the certificate into ADFS using the Add button.
Browse for the certificate and then click Next through the wizard to complete the setup.
In the Edit Claim Rules window that appears, click Add Rule to add rules to pass through or transform claims.
To pass through all claims, select Custom Rule and, in the custom rule textbox, add: c:[] => issue(claim=c); This rule forwards all claims received from EmpowerID to ADFS Relying Parties.
Click Finish.
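The ADFS half of this procedure (the Claims Provider Trust wizard and the claim rule) can also be scripted with the ADFS PowerShell module. The following is an added example, not part of the original procedure or of EmpowerID's own documentation. The certificate path is a placeholder, the display name and URL are the sample values used above, and the commented-out narrower rule set assumes relying parties need only the name and e-mail address claims.

```powershell
# Added example: run in an elevated PowerShell session on the primary AD FS server.
Import-Module ADFS

$trustName  = 'EmpowerID IDP'                                            # sample display name from the procedure
$passiveUrl = 'https://sso.empowersso.com/WebIdPWsFederation/Login/Adfs' # sample endpoint from the procedure
$certPath   = 'C:\Temp\EmpowerID-Adfs-signing.cer'                       # placeholder: exported public key file

# Load the signing certificate exported from the EmpowerID WS-Federation Connection.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certPath

# Only the public key belongs in the trust; stop if the file carries a private key or has expired.
if ($cert.HasPrivateKey) { throw 'Certificate file contains a private key; export the public key only.' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Signing certificate expired on $($cert.NotAfter)." }

# Passthrough rule from the procedure: forwards every claim EmpowerID issues.
$rules = @'
@RuleName = "Pass through all EmpowerID claims"
c:[] => issue(claim = c);
'@

# Narrower alternative (assumption: relying parties need only these two claim types).
# Replace the assignment above with this one to forward nothing else:
# $rules = @'
# @RuleName = "Pass through name"
# c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"] => issue(claim = c);
# @RuleName = "Pass through e-mail address"
# c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"] => issue(claim = c);
# '@

# The identifier must match the Issuer configured on the EmpowerID connection,
# which the procedure sets to the connection's own endpoint URL.
Add-AdfsClaimsProviderTrust -Name $trustName `
    -Identifier $passiveUrl `
    -WSFedEndpoint $passiveUrl `
    -TokenSigningCertificate $cert `
    -AcceptanceTransformRules $rules

# Confirm what AD FS stored.
Get-AdfsClaimsProviderTrust -Name $trustName |
    Select-Object Name, Identifier, WSFedEndpoint, Enabled, AcceptanceTransformRules
```

With the passthrough-all rule, any claim type EmpowerID emits reaches every relying party whose issuance rules forward it, so review those issuance rules when choosing between the two rule sets.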