Setting up a Relying Party Trust for the ID vault server on ADFS 4.0

Use this procedure to set up a Relying Part Trust in ADFS 4.0 for Domino ID vault servers, required for Notes or Web federated login.

Procedure

  1. From ADFS, select Start > Server Manager > AD FS Management.
  2. Navigate to the Relying Party Trusts folder.
  3. Select Action > Add Relying Party Trust.
  4. Click Start to run the Add Relying Party Trust wizard.
  5. Click Under Welcome, select Claims-aware.
  6. In the Select Data Source window select Import data about the relying party from a file, select the ServiceProvider.xml file that you exported from the corresponding Web server IdP configuration document. Then, click Next.
    Note: When you import from the ServiceProvider.xml file, values for Steps 6 - 10 are populated automatically. If you select Enter data about the relying party manually, you enter these values yourself.
  7. In the Select Display Name window, enter a Display name to represent the service provider, for example, Domino Renovations Vault. Click Next.
  8. In the Choose Access Control Policy window, select the level of access to allow, and click Next.
  9. In the Ready to Add Trust window, click Next.
  10. The Finish window displays the message The relying party trust was successfully added. In that window, select the optionConfigure claims issuance policy for this application and click Close.
  11. Right-click the name of the Relying Party Trust that you created, and select Edit Claims Issuance Policy
  12. In the Edit Claims Rules dialog, click Add Rule.
  13. In the Select Rule Template dialog, for Choose Rule Type, select Send LDAP Attributes as Claims, and click Next.
  14. Complete the Configure Rule dialog box:
    1. For Claim rule name, enter EmailAddressToNameID.
    2. For Attribute store, select Active Directory.
    3. For LDAP Attribute, select E-Mail-Addresses.
    4. For Outgoing Claim Type, select Name ID.
    5. Click Finish.
  15. In the Edit Claim Rules dialog, click Apply and OK.
  16. In the AD FS Trust Relationships > Relying Party Trusts folder:
    1. Right-click the new relying party trust that you created for Domino and select Properties.
    2. Click the Endpoints tab.
    3. For SAML Assertion Consumer Endpoints, verify that there is a POST binding URL for Domino. In addition, if there is an Artifact binding URL, remove it because Domino only uses POST binding.

      Endpoints POST binding URL for Domino web server