Overview
This article provides step-by-step instructions for configuring ADFS to support SAML 2.0 SSO. Your FogBugz On-Site must have HTTPS connections enabled and enforced.
For more information, read SAML Single Sign-On in FogBugz.
Process
- Open Server Manager.
- Navigate to Tools > AD FS Management.
- Add a new Relying Party Trust.
- In the Select Data Source step, choose Enter data about the relying party manually.
- Provide a Display name (e.g., FogBugz SAML) and click Next.
- Set up the AD FS profile (SAML 2.0) and click Next.
- On the Configure Certificate screen, click Next without specifying the optional token encryption certificate.
- Select Enable support for the SAML 2.0 Web SSO protocol > Relying party SAML 2.0 SSO service URL:
https://[FogBugz URL]/auth/SAML2/POST
- Add a Relying party trust identifier:
https://[FogBugz URL]/saml-sp
- Configure Multi-factor Authentication at your discretion.
- Configure Issuance Authorization Rules at your discretion.
- After submitting the initial configuration, right-click on the Relying party trust entry and go to Properties:
- Go to Advanced > Select Secure hash algorithm as SHA-256.
- Right-click on the Relying party trust entry > Edit Claim Rules.
- Click Add Rule:
- Claim rule name: Enter the name of your choice.
- Attribute store: Active Directory.
- LDAP Attribute: Display Name or E-Mail Addresses (depending on whether you are matching on email or full name).
- Outgoing Claim Type: FogBugzFullName or FogBugzEmail (depending on whether you are matching on email or full name).
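The same relying party trust can be created and then checked from PowerShell on the AD FS server. This is an added example, not part of the original article; `https://fogbugz.example.com` is a placeholder for `https://[FogBugz URL]`, the rule name is arbitrary, and the rule shown matches on email.

```powershell
# Added example, not from the original article. Run in an elevated session on the AD FS server.
# $FogBugzBase is a placeholder for https://[FogBugz URL].
$FogBugzBase = 'https://fogbugz.example.com'
$Name        = 'FogBugz SAML'
$Sha256      = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

# Claim rule matching on email: LDAP attribute E-Mail-Addresses (mail) -> FogBugzEmail.
# To match on full name, use types = ("FogBugzFullName") and query = ";displayName;{0}".
$ClaimRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "FogBugz email"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("FogBugzEmail"), query = ";mail;{0}", param = c.Value);
'@

# SAML 2.0 Web SSO endpoint (assertion consumer service, POST binding).
$Acs = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' `
    -Uri "$FogBugzBase/auth/SAML2/POST"

# No token encryption certificate is set. MFA and issuance authorization rules
# are left to your discretion, as in the steps above; set them before testing sign-in.
Add-AdfsRelyingPartyTrust -Name $Name -Identifier "$FogBugzBase/saml-sp" `
    -SamlEndpoint $Acs -SignatureAlgorithm $Sha256 -IssuanceTransformRules $ClaimRule

# Read the trust back and check the settings this procedure is meant to produce.
$rp = Get-AdfsRelyingPartyTrust -Name $Name
$checks = [ordered]@{
    'Identifier is /saml-sp'          = $rp.Identifier -contains "$FogBugzBase/saml-sp"
    'ACS endpoint is HTTPS POST'      = [bool]($rp.SamlEndpoints | Where-Object {
        $_.Binding -eq 'POST' -and $_.Protocol -eq 'SAMLAssertionConsumer' -and
        "$($_.Location)" -eq "$FogBugzBase/auth/SAML2/POST" -and
        "$($_.Location)" -like 'https://*' })
    'Hash algorithm is SHA-256'       = $rp.SignatureAlgorithm -eq $Sha256
    'No encryption certificate'       = $null -eq $rp.EncryptionCertificate
    'Claim rule issues FogBugz claim' = [bool]($rp.IssuanceTransformRules -match 'FogBugz(Email|FullName)')
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-34} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```

The verification half can be run on its own against a trust created through the GUI, which also catches a trust left on SHA-1.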