Setting up a Relying Party Trust for the ID vault server used by Nomad federated login

After you create the IdP configuration document for Nomad federated login and export the ServiceProvider.xml file, set up a relying party trust in your IdP by importing the ServiceProvider.xml file.

About this task

The steps vary by IdP. The following procedure provides an example for Active Directory Federation Services (ADFS) 4.0.

Procedure

  1. From ADFS, select Start > Server Manager > AD FS Management.
  2. Navigate to the Relying Party Trusts folder.
  3. Select Action > Add Relying Party Trust.
  4. Click Start to run the Add Relying Party Trust wizard.
  5. Under Welcome, select Claims-aware.
  6. In the Select Data Source window, select Import data about the relying party from a file, and then select the ServiceProvider.xml file that you exported from the IdP configuration document. Then, click Next. Items imported from the .xml file are shown. You can edit these items.
    • Some items are not supported by ADFS; the system sends a message in this case.
    • Display name is used to identify the relying party trust.
    • Default permissions are set to Permit Everyone.
  7. The Finish window displays the message The relying party trust was successfully added. In that window, select the option Configure claims issuance policy for this application and click Close.
  8. Right-click the name of the Relying Party Trust that you created, and select Edit Claims Issuance Policy.
  9. In the Edit Claims Rules dialog, click Add Rule.
  10. In the Select Rule Template dialog, for Choose Rule Type, select Send LDAP Attributes as Claims, and click Next.
  11. Complete the Configure Rule dialog box:
    1. For Claim rule name, enter EmailAddressToNameID.
    2. For Attribute store, select Active Directory.
    3. For LDAP Attribute, select E-Mail-Addresses.
    4. For Outgoing Claim Type, select Name ID.
    5. Click Finish.
  12. In the Edit Claim Rules dialog, click Apply and OK.
  13. In the AD FS Trust Relationships > Relying Party Trusts folder:
    1. Right-click the new relying party trust that you created and select Properties.
    2. Click the Endpoints tab.
    3. For SAML Assertion Consumer Endpoints, verify that there is a REDIRECT binding URL for the Nomad SafeLinx server. In addition, if there is an Artifact binding URL, remove it.
      Note: If you use the notes.ini setting SAML_REDIRECT_BINDING_SIGN=0 to enable POST binding, verify the POST binding URL for Domino.

      Endpoints REDIRECT binding URL for Nomad SafeLinx server
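
The wizard steps above can also be scripted with the AD FS PowerShell module, which makes the endpoint check in step 13 repeatable. This is an added example, not part of the original procedure or the product's own tooling; the trust display name and the metadata file path are assumptions, so substitute your own values.

```powershell
# Added example: scripted equivalent of the wizard procedure. Run on the AD FS server.
# Assumptions (not from the page): the trust display name and the metadata file path.
Import-Module ADFS

$TrustName    = 'Nomad federated login (ID vault)'   # hypothetical display name
$MetadataFile = 'C:\Temp\ServiceProvider.xml'        # hypothetical path to the exported file

# Steps 8-12: issue the LDAP attribute E-Mail-Addresses (mail) as the Name ID claim.
$Rules = @'
@RuleName = "EmailAddressToNameID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";mail;{0}", param = c.Value);
'@

# Steps 3-7: import the metadata file. "Permit everyone" matches the wizard default.
Add-AdfsRelyingPartyTrust -Name $TrustName -MetadataFile $MetadataFile `
    -IssuanceTransformRules $Rules -AccessControlPolicyName 'Permit everyone'

# Step 13: list the SAML Assertion Consumer endpoints that were imported.
$trust = Get-AdfsRelyingPartyTrust -Name $TrustName
$acs   = @($trust.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' })
$acs | Format-Table Binding, Index, IsDefault, Location -AutoSize

# A REDIRECT binding URL for the Nomad SafeLinx server is expected.
if (-not ($acs | Where-Object { $_.Binding -eq 'Redirect' })) {
    Write-Warning 'No REDIRECT binding endpoint found; check ServiceProvider.xml.'
}

# Remove any Artifact binding endpoint and keep every other endpoint unchanged.
if ($acs | Where-Object { $_.Binding -eq 'Artifact' }) {
    $keep = @($trust.SamlEndpoints | Where-Object {
        -not ($_.Protocol -eq 'SAMLAssertionConsumer' -and $_.Binding -eq 'Artifact')
    })
    Set-AdfsRelyingPartyTrust -TargetName $TrustName -SamlEndpoint $keep
    Write-Output 'Removed the Artifact binding endpoint.'
}
```

Compare the Location values in the table output with the SafeLinx server URL you expect before enabling federated login.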

What to do next

Complete the procedure Enabling Nomad federated login.