7 procedure 7: modify adfs microsoft metadata, 0 activid appliance configuration, Procedure 7: modify adfs microsoft metadata – HID Microsoft ADFS and ActivID AS using SAML User Manual

ActivID Appliance 7.2 and AD FS | integration Handbook | ADFS

External Release | © 2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.

Page 18

3.7

Procedure 7: Modify ADFS Microsoft Metadata

AD FS must be able to attribute values within the response to an authentication request before it can authorize
access via the Internet. You can configure these attributes for the ActivID Appliance.

Note: The ActivID Appliance IDP only returns the configured attribute values within the assertion if
the AD FS SAML Authentication request contains a reference to the index. That is why it is necessary

to add this attribute (

isDefault=”true”

) in the AD FS Microsoft metadata.

The following snippets are examples for the attributes '

mail'

, and '

firstname'

:

Sample Service

An example service that requires a human-readable identifier and
optional name and e-mail address.

Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />

Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />

4.0

ActivID Appliance Configuration

This chapter describes how to configure the ActivID Appliance.

Important: You will use the ActivID Appliance Management Console and the ActivID Appliance
Configurer to perform these procedures. This chapter only provides a summary of steps. For complete
details, please have the following technical documents on hand for easy reference:

• ActivID Appliance Identity Provider Solution Guide

• ActivID Appliance Administrator Guide: Management Console

• ActivID Appliance Administrator Guide: Configurer Portal