Step 4. Configure Active Directory Federation Services
Configure AD FS to issue SAML tokens to Informatica web applications.
Use the AD FS Management Console to perform the following tasks:
Add a relying party trust for the domain in AD FS. The relying party trust definition enables AD FS to accept authentication requests from Informatica web applications that run in the domain.
Edit the Send LDAP Attributes as Claims rule to map LDAP attributes in your identity store to the corresponding types used in SAML tokens issued by AD FS.
You provide the name of the relying party trust when you enable SAML authentication in a domain. Depending on your security requirements, you might create multiple relying party trusts in AD FS to enable domains used by different organizations within the enterprise to use SAML authentication.
Informatica recognizes "Informatica" as the default relying party trust name. If you create a single relying party trust with "Informatica" as the relying party trust name, you do not need to provide the relying party trust name when you enable SAML authentication in a domain.
All strings are case sensitive in AD FS, including URLs.
1. Log in to the AD FS Management Console.
2. Expand the Trust Relationships > Relying Party Trusts folder.
3. Right-click the Relying Party Trusts folder, and then select Add Relying Party Trust as shown in the following image:
   The Add Relying Party Trust Wizard appears.
4. Click Start.
   The Select Data Source panel appears.
5. Click Enter data about the relying party manually as shown in the following image:
6. Click Next.
7. Enter the relying party trust name, and then click Next.
   Do not include the ? character in the relying party trust name.
8. Click AD FS 2.0 profile as shown in the following image:
9. Click Next.
10. Skip the certificate configuration panel in the wizard.
11. Check Enable support for the SAML WebSSO protocol, and then enter the complete URL for the Administrator tool, as shown in the following image:
12. Click Next.
13. Enter the name of the relying party trust in the Relying party trust identifier field. Click Add, and then click Next.
14. Select Permit all users to access the relying party as shown in the following image:
15. Click Next.
16. Check Open the Edit Claim Rules dialog for this relying party trust when the wizard closes as shown in the following image:
17. Click Close.
    The Edit Claim Rules for Informatica dialog box appears.
18. Click Add Rule.
    The Add Transform Claim Rule Wizard opens.
19. Select Send LDAP Attributes as Claims from the menu, as shown in the following image:
20. Click Next.
21. Enter any string as the claim rule name, as shown in the following image:
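The same relying party trust, created and then checked with the AD FS PowerShell module instead of the wizard; this is an added example, not part of the Informatica documentation. It assumes the default trust name "Informatica", a placeholder Administrator tool URL, and an example LDAP attribute mapping (sAMAccountName to the Name claim) that you replace with the mapping your deployment requires.

```powershell
# Added example: script the relying party trust that the wizard steps above create.
# Assumed: trust name "Informatica", a placeholder Administrator tool URL, and an
# example LDAP attribute mapping. Requires the ADFS module on the AD FS server.
Import-Module ADFS

$TrustName    = 'Informatica'                                           # case sensitive in AD FS
$AdminToolUrl = 'https://infa-gateway.example.com:8443/administrator/'  # placeholder URL

# "Enable support for the SAML WebSSO protocol" = a SAML assertion consumer endpoint.
$ssoEndpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer `
    -Uri $AdminToolUrl -Index 0 -IsDefault $true

# "Permit all users to access the relying party" issuance authorization rule.
$permitAll = @'
@RuleTemplate = "AllowAllAuthzRule"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# "Send LDAP Attributes as Claims" transform rule. The sAMAccountName -> Name mapping
# is an assumed example; use the mapping the Informatica documentation specifies.
$ldapClaims = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Informatica LDAP attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"), query = ";sAMAccountName;{0}", param = c.Value);
'@

# The wizard note above: the trust name must not contain "?".
if ($TrustName -match '\?') { throw 'The relying party trust name must not contain "?".' }

# WsFed-SAML is the profile the "AD FS 2.0 profile" wizard option selects.
Add-AdfsRelyingPartyTrust -Name $TrustName -Identifier $TrustName `
    -SamlEndpoint $ssoEndpoint -ProtocolProfile 'WsFed-SAML' `
    -IssuanceAuthorizationRules $permitAll -IssuanceTransformRules $ldapClaims

# Verify before enabling SAML authentication in the domain: exact (case-sensitive)
# name, identifier equal to the name, an HTTPS WebSSO endpoint, permit-all rule present.
$trust  = Get-AdfsRelyingPartyTrust -Name $TrustName
$checks = [ordered]@{
    NameMatchesExactly   = ($trust.Name -ceq $TrustName)
    IdentifierIsName     = ($trust.Identifier -ccontains $TrustName)
    HasHttpsSsoEndpoint  = [bool]($trust.SamlEndpoints | Where-Object {
        $_.Protocol -eq 'SAMLAssertionConsumer' -and $_.Location.Scheme -eq 'https' })
    PermitAllRulePresent = ($trust.IssuanceAuthorizationRules -match 'claims/permit')
}
$checks.GetEnumerator() | ForEach-Object { '{0}: {1}' -f $_.Key, $_.Value }
```

Every check should print True; a False on NameMatchesExactly or IdentifierIsName is the usual cause of AD FS rejecting the domain's authentication requests, because AD FS compares these strings case sensitively.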