Configuring ADFS
The connection between ADFS and Security Journey is defined on the ADFS side by a Relying Party Trust (RPT). The relying party is the AWS Cognito user pool that fronts Security Journey, so the endpoint and identifier entered below are Cognito values.
Add a New Relying Party Trust
To add a relying party trust to the ADFS configuration, perform the following:
Select the Relying Party Trusts folder from ADFS Management and add a new Standard Relying Party Trust. This starts the configuration wizard for a new trust.
Click Start. The Select Data Source screen is displayed.
Select the last option, Enter Data About the Party Manually and click Next. The Specify Display Name screen is displayed.
Enter Security Journey as the Display Name. Notes are optional.
Click Next. The Choose Profile screen is displayed.
Select the ADFS 2.0 profile option and click Next. The Configure Certificate screen is displayed.
Leave the default setting (no token encryption certificate; assertions are still signed with the ADFS token-signing certificate) and click Next. The Configure URL screen is displayed.
Select the last option, Enable Support for the SAML 2.0 WebSSO protocol, and enter the following as the Relying party SAML 2.0 SSO service URL (this is Cognito's assertion consumer endpoint):
https://auth.hackedu.com/saml2/idpresponse
Click Next. The Configure Identifiers screen is displayed.
Enter the following into the Relying party trust identifier field and click Add, then click Next:
urn:amazon:cognito:sp:us-east-1_CHi5tsM8X
This identifier is the audience that Cognito expects in the SAML assertion, so it must match exactly.
In the Configure Multifactor Authentication screen, leave the default setting and click Next. The Issuance Authorization Rules screen is displayed.
Select the first option, Permit all users to access the relying party, and click Next. Note that this lets every account that can authenticate to ADFS sign in to Security Journey; if only some users should have access, replace this later with an issuance authorization rule based on a group claim.
The Ready to Add Trust screen is displayed with an overview of your settings. No action is needed; click Next.
On the Finish screen, leave the default Open the Edit Claim Rules dialog option selected and click Close. The Claim Rules editor then opens for the new relying party trust.
Create Claims
To create a new rule, click Add Rule. The Select Rule Template screen is displayed.
Select the Send LDAP Attributes as Claims template from the Claim rule template drop-down. The Edit Rule dialog is displayed.
Enter a Claim rule name (for example, Rule 1).
Select Active Directory from the Attribute store drop-down.
Now map the following attributes to the rule:
From the first LDAP Attribute column, select SAM-Account-Name
From the first Outgoing Claim Type, select Windows account name
From the second LDAP Attribute column, select E-Mail Address
From the second Outgoing Claim Type, select E-Mail Address
Click OK to save the new rule.
From the Claim Rule Editor, click Add Rule to add another rule. The Select Rule Template screen is displayed.
This time select the Transform an Incoming Claim template from the Claim rule template drop-down. The Configure Rule dialog is displayed.
Enter a Claim rule name (for example, Rule 2). This template has no attribute store selection; it rewrites a claim that Rule 1 already issued. Define the following:
From the Incoming claim type drop-down, select E-Mail Address
From the Outgoing claim type drop-down, select Name ID
From the Outgoing name ID format drop-down, select E-Mail
Leave the default Pass through all claim values setting.
Click OK to save the new rule. Rule 1 must be listed before Rule 2: claim rules run in order, and Rule 2 transforms the E-Mail Address claim that Rule 1 issues.
Click OK again to finish creating rules.
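The same trust and claim rules can be created from the ADFS PowerShell module instead of the wizard, which is easier to review and to repeat across farms. The script below is an added example, not Security Journey's or Microsoft's own code; it uses the endpoint, identifier and rule names given on this page, and the claim rule text is what the wizard's templates generate. The notes string and the commented-out group-based authorization rule (with its SID placeholder) are assumptions. Run it on the ADFS server as an ADFS administrator.

```powershell
# Added example: create the Security Journey relying party trust with the ADFS module.
Import-Module ADFS

$rpName     = "Security Journey"
$identifier = "urn:amazon:cognito:sp:us-east-1_CHi5tsM8X"     # Relying party trust identifier (Cognito user pool)
$acsUrl     = "https://auth.hackedu.com/saml2/idpresponse"   # SAML 2.0 WebSSO service URL (Cognito assertion consumer)

# Rule 1: Send LDAP Attributes as Claims (sAMAccountName -> Windows account name, mail -> E-Mail Address)
# Rule 2: Transform an Incoming Claim (E-Mail Address -> Name ID, outgoing format E-Mail)
# Order matters: Rule 2 consumes the E-Mail Address claim Rule 1 issues.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Rule 1"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";sAMAccountName,mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Rule 2"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Issuance authorization: the wizard's "Permit all users" choice.
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Assumed tighter alternative (not on the original page): permit only members of one AD group.
# Replace the SID placeholder with the group's objectSid and use this instead of $authzRules above.
# $authzRules = @'
# @RuleTemplate = "Authorization"
# @RuleName = "Permit Security Journey users group"
# c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "^(?i)S-1-5-21-<domain>-<rid>$"]
#  => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "PermitUsersWithClaim");
# '@

# SAML assertion consumer endpoint, HTTP-POST binding, as selected in the Configure URL step.
$endpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $acsUrl -Index 0

Add-AdfsRelyingPartyTrust -Name $rpName `
    -Identifier $identifier `
    -SamlEndpoint $endpoint `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules `
    -Notes "Security Journey training platform (AWS Cognito SAML SP)"   # assumed note text

# Verify the trust: identifier, ACS location and both rule sets should match the values above.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, Identifier, @{ n = "ACS"; e = { $_.SamlEndpoints.Location } },
                  IssuanceTransformRules, IssuanceAuthorizationRules |
    Format-List
```

If the wizard was already used, run only the final Get-AdfsRelyingPartyTrust command to confirm that the identifier, endpoint and rule text match before uploading the metadata.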
Security Journey can also bypass its own login page when your company's domain is given in the URL; users are sent on to the configured identity provider and still authenticate there: https://my.securityjourney.com/?domain=customerdomain.com
Download the SAML metadata document for your ADFS federation server from the following address, replacing [yourservername] with your federation service name: https://[yourservername]/FederationMetadata/2007-06/FederationMetadata.xml
You will upload this FederationMetadata.xml file to Security Journey to complete the trust. The file carries the ADFS token-signing certificate that Cognito uses to validate assertion signatures, so fetch it over a trusted HTTPS connection. ADFS rolls its token-signing certificate automatically by default; because Security Journey is given a file rather than a metadata URL, re-download and re-upload it after each rollover, or sign-in fails with a signature validation error.
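Before uploading the metadata it is worth checking that the file you downloaded advertises the token-signing certificate the farm currently uses, since a stale copy (or a copy fetched through an interposed proxy) is the usual cause of signature validation failures after a certificate rollover. The script below is an added example, not Security Journey's code; the host name adfs.example.com and the output path are assumptions, and the last step needs the ADFS module, so run it on the ADFS server.

```powershell
# Added example: download the federation metadata, list the signing certificate(s) it
# advertises, and compare them with the farm's primary token-signing certificate.
$FederationHost = "adfs.example.com"      # assumption: your federation service name
$MetadataUrl    = "https://$FederationHost/FederationMetadata/2007-06/FederationMetadata.xml"
$OutFile        = Join-Path $env:TEMP "FederationMetadata.xml"

# Keep TLS validation on (no -SkipCertificateCheck): whoever can tamper with this
# download can substitute their own signing key into the metadata you upload.
Invoke-WebRequest -Uri $MetadataUrl -OutFile $OutFile -UseBasicParsing

[xml]$md = Get-Content -Path $OutFile -Raw
$ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
$ns.AddNamespace("md", "urn:oasis:names:tc:SAML:2.0:metadata")
$ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")

# The entityID is the Issuer that will appear in every assertion sent to Cognito.
$entityId = $md.SelectSingleNode("/md:EntityDescriptor", $ns).GetAttribute("entityID")
"EntityID: $entityId"

# Token-signing certificates advertised in the IdP role descriptor.
$advertised = $md.SelectNodes("//md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']//ds:X509Certificate", $ns) |
    ForEach-Object {
        $raw  = [Convert]::FromBase64String($_.InnerText.Trim())
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(, $raw)
        [pscustomobject]@{ Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter; Subject = $cert.Subject }
    }
"Signing certificates in metadata:"
$advertised | Format-Table -AutoSize

# Compare with what the farm actually signs with right now (requires the ADFS module).
Import-Module ADFS
$primary = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary
if ($advertised.Thumbprint -notcontains $primary.Thumbprint) {
    Write-Warning "Metadata does not contain the primary token-signing certificate $($primary.Thumbprint); re-download it before uploading."
} else {
    "Metadata matches primary token-signing certificate $($primary.Thumbprint), valid until $($primary.Certificate.NotAfter)."
}
```

Keep the NotAfter date and the farm's rollover setting (Get-AdfsProperties shows AutoCertificateRollover) in your change calendar, so the metadata is re-uploaded before the new certificate becomes primary rather than after users start failing to sign in.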