Create the Relying Party Trust in ADFS 2012R2
-----------------------------------------------
Now that the Service Provider configuration is complete, SimpleSAMLphp generates the SAML 2.0 SP metadata that we can import into ADFS.
1. Navigate to the web application’s /simplesaml application and click the Federation tab. As you can see, our previous default-sp configuration (the one we configured for use with Azure AD) is here, but now so is the one I’ve called transishun-sp. If you’re wondering where the heck that URL came from, it’s because we left the entityID value null when we specified the SP configuration.
```php
// The entity ID of this SP.
// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
'entityID' => null,
```
2. If you wish, click the Show metadata link to see the metadata, but before you do, copy the Entity ID URL. We need to give this to ADFS when we configure the Relying Party Trust.
3. On your ADFS server, open the ADFS Management console, expand Trust Relationships and select the Relying Party Trusts node. In the Actions pane, click Add Relying Party Trust…
4. Click Start, then paste the Entity ID URL into the Federation metadata address field and click Next.
5. Accept the warning.
6. Next your way through the wizard until you reach the Ready To Add Trust page. Here you’ll want to review the numerous tabs – check that the Encryption and Signature tabs have certificates associated with them. Even if they don’t because you haven’t completed the previous section to create the certificates, the RPT can be updated whenever you like.
7. Click Next and the sso.lewisroberts.com Relying Party Trust is added.
8. Select the Relying Party Trust we’ve just added and then click Edit Claim Rules…
9. Add an Issuance Transform Rule based on the Send LDAP Attributes as Claims template. Select at least UPN; whatever else you include is your choice, but add at least one more attribute such as mail or uid.
10. Add another Issuance Transform Rule but this time based on the Transform an Incoming Claim template. This one is important and is required to allow SimpleSAMLphp to talk with ADFS.
11. Once configured, you should have two Issuance Transform Rules that look as follows:
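A pre-flight check on the SP metadata before you hand its URL to the wizard in step 4, as an added Python example that is not from the original post: it extracts the entityID and AssertionConsumerService that ADFS will import and reports whether signing and encryption certificates are embedded, which is what the Signature and Encryption tabs in step 6 are populated from. The sample metadata, its URLs and the certificate value are constructed, modelled on the transishun-sp configuration above.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


def inspect_sp_metadata(xml_text):
    """Summarise SAML 2.0 SP metadata the way the ADFS RPT wizard will read it."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("not SP metadata: no SPSSODescriptor element")
    # A KeyDescriptor with no 'use' attribute serves both signing and encryption.
    uses = set()
    for kd in sp.findall("md:KeyDescriptor", NS):
        if kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is None:
            continue  # no embedded certificate: ADFS has nothing to import here
        use = kd.get("use")
        uses.update([use] if use else ["signing", "encryption"])
    acs = [(a.get("Binding"), a.get("Location"))
           for a in sp.findall("md:AssertionConsumerService", NS)]
    return {
        "entity_id": root.get("entityID"),
        "acs": acs,
        "signing_cert": "signing" in uses,
        "encryption_cert": "encryption" in uses,
        # These are the tabs that will show up empty after the import
        "missing": sorted({"signing", "encryption"} - uses),
    }


# Constructed sample shaped like SimpleSAMLphp SP metadata: the entityID is the
# metadata URL itself (what 'entityID' => null gives you), and only a signing
# certificate is present, so the Encryption tab would be empty after import.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sso.lewisroberts.com/simplesaml/module.php/saml/sp/metadata.php/transishun-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...constructed-placeholder...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://sso.lewisroberts.com/simplesaml/module.php/saml/sp/saml2-acs.php/transishun-sp"
      index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for key, value in inspect_sp_metadata(SAMPLE).items():
        print(f"{key}: {value}")
```

Point it at the real metadata (fetch the Show metadata URL from step 2) and an empty `missing` list means both tabs will be populated when the trust is created.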