Commit 46722cc0 authored by Mario Hernandez

Update Integrating_SimpleSAMLphp_with_ADFS_2012R2.md

parent 138888a5
......@@ -216,31 +216,32 @@ Now that the Service Provider configuration is complete, SimpleSAMLphp creates t
![Image4](/Integrating_SimpleSAMLphp_with_ADFS_2012R2/Integrating SimpleSAMLphp with ADFS 2012R2 - lewisroberts.com_html_6cf89600127daca9.png)
Testing Authentication
---------------------------------
# <font face="Arial, sans-serif">Testing Authentication</font>
<font face="Arial, sans-serif">Now that we have configured SimpleSAMLphp as the service provider, ADFS as the IdP, exchanged metadata between the two and configured some basic claims rules. We are now able to test authentication.</font>
Now that we have configured SimpleSAMLphp as the service provider, ADFS as the IdP, exchanged metadata between the two and configured some basic claims rules. We are now able to test authentication.
1. <font face="Arial, sans-serif">Navigate to the simplesaml web application for our site https://sso.lewisroberts.com/simplesaml then select the</font> **<font face="Arial, sans-serif">Authentication</font>** <font face="Arial, sans-serif">tab and click</font> **<font face="Arial, sans-serif">Test configured authentication sources</font>**<font face="Arial, sans-serif">.
![](Integrating%20SimpleSAMLphp%20with%20ADFS%202012R2%20-%20lewisroberts.com_html_6e2db503c7a40819.png)</font>
1. Navigate to the simplesaml web application for our site https://sso.lewisroberts.com/simplesaml then select the Authentication tab and click Test configured authentication sources.
2. <font face="Arial, sans-serif">Select</font> **<font face="Arial, sans-serif">transishun-sp</font>** <font face="Arial, sans-serif">from the list.
![](Integrating%20SimpleSAMLphp%20with%20ADFS%202012R2%20-%20lewisroberts.com_html_affe8a2d39ad27ee.png)</font>
2. Select transishun-sp from the list.
3. <font face="Arial, sans-serif">You will be immediately sent off to the ADFS server (or Web Application Proxy depending on how your ADFS farm is configured). Enter your user ID in the format “domain\user” or “user@domain”.
</font>**<font face="Arial, sans-serif">NB</font>**<font face="Arial, sans-serif">: Now, I’ve cheated slightly, I have [enabled Alternate Login ID](https://technet.microsoft.com/en-us/library/dn659436.aspx) so I can sign in with my email address. If you see the article I’ve linked to, Microsoft</font> **<font face="Arial, sans-serif">strongly</font>** <font face="Arial, sans-serif">recommend using the mail attribute for sign in. As they say;</font>_<font face="Arial, sans-serif"><font style="font-size: 10pt" size="2">One of the benefits of this feature is that it enables you to adopt SaaS providers, such as Office 365 with AAD without modifying your on-premise UPNs. It also enables you to support line-of-business service applications with consumer-provisioned identities.</font></font>_<font face="Arial, sans-serif">![](Integrating%20SimpleSAMLphp%20with%20ADFS%202012R2%20-%20lewisroberts.com_html_379b9e352c6417fc.png)</font>
3. You will be immediately sent off to the ADFS server (or Web Application Proxy depending on how your ADFS farm is configured). Enter your user ID in the format “domain\user” or “user@domain”.
NB: Now, I’ve cheated slightly, I have enabled Alternate Login ID so I can sign in with my email address. If you see the article I’ve linked to, Microsoft strongly recommend using the mail attribute for sign in. As they say;
One of the benefits of this feature is that it enables you to adopt SaaS providers, such as Office 365 with AAD without modifying your on-premise UPNs. It also enables you to support line-of-business service applications with consumer-provisioned identities.
4. <font face="Arial, sans-serif">Once signed in, you’ll be bounced back to SimpleSAMLphp and shown your claims. If it all went a bit wobbly, double-check everything and then check the Event Viewer for hints as to what could have gone wrong.
![](Integrating%20SimpleSAMLphp%20with%20ADFS%202012R2%20-%20lewisroberts.com_html_18c29eb37d04a3eb.png)</font>
4. Once signed in, you’ll be bounced back to SimpleSAMLphp and shown your claims. If it all went a bit wobbly, double-check everything and then check the Event Viewer for hints as to what could have gone wrong.
5. <font face="Arial, sans-serif">Click</font> **<font face="Arial, sans-serif">Logout</font>** <font face="Arial, sans-serif">to test this works as expected – this is where the</font> <font face="Arial, sans-serif"><font style="font-size: 10pt" size="2">sign.logout</font></font> <font face="Arial, sans-serif">declaration in the Service Provider configuration becomes relevant. ADFS</font> _<font face="Arial, sans-serif">requires</font>_ <font face="Arial, sans-serif">the logout to be signed.
![](Integrating%20SimpleSAMLphp%20with%20ADFS%202012R2%20-%20lewisroberts.com_html_e6acf27a085c5342.png)
That looks as though it’s working.</font>
5. Click Logout to test this works as expected – this is where the sign.logout declaration in the Service Provider configuration becomes relevant. ADFS requires the logout to be signed.
6. <font face="Arial, sans-serif">Let’s add another claim using the</font> **<font face="Arial, sans-serif">Send Group Membership as a Claim</font>** <font face="Arial, sans-serif">template just to get a little more understanding of what’s happening.
![](Integrating%20SimpleSAMLphp%20with%20ADFS%202012R2%20-%20lewisroberts.com_html_a85ed89bcf4cd6f1.png)</font>
6. That looks as though it’s working.
7. <font face="Arial, sans-serif">After re-authenticating, we can see the group claim is sent through as well.
![](Integrating%20SimpleSAMLphp%20with%20ADFS%202012R2%20-%20lewisroberts.com_html_f44f78dbb737e298.png)</font>
7. Let’s add another claim using the Send Group Membership as a Claim template just to get a little more understanding of what’s happening.
8. After re-authenticating, we can see the group claim is sent through as well.
9. What about our custom PHP application?
Good job you asked, I nearly forgot.
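Review bot: the new line `6. That looks as though it’s working.` is a stray list item: in the old text that sentence closed step 5 (it followed the logout screenshot inside the same item), so numbering it on its own shifts every later step (the group-claim steps become 7 and 8, and the custom PHP application question becomes 9). Fold it back into step 5 and keep the original numbering. Two other things are lost in the plain-text rewrite and should be restored as plain markdown rather than dropped with the `<font>` tags: the TechNet link behind `enabled Alternate Login ID`, which the following sentence (`If you see the article I’ve linked to`) still relies on, and all of the `![](...)` screenshot references, so the new steps no longer show the authentication-source list, the claims output, or the signed-logout result that the text refers to.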