Configuring ADFS Support for SAML 2.0 SSO



Overview

This article provides step-by-step instructions on how to configure ADFS to support SAML 2.0 SSO. This requires that your FogBugz On-Site installation has HTTPS connections enabled and enforced.

For more information, read SAML Single Sign-On in FogBugz.

Process

  1. Open Server Manager.
  2. Navigate to Tools > AD FS Management.
  3. Add a new Relying Party Trust.
    1. In the Select Data Source step, choose Enter data about the relying party manually.
    2. Provide a Display name (e.g., FogBugz SAML) and click Next.
    3. Set up the AD FS profile (SAML 2.0) and click Next.
    4. On the Configure Certificate screen, click Next without specifying the optional token encryption certificate.
    5. Select Enable support for the SAML 2.0 Web SSO protocol > Relying party SAML 2.0 SSO service URL: https://[FogBugz URL]/auth/SAML2/POST
    6. Add a Relying party trust identifier: https://[FogBugz URL]/saml-sp
    7. Configure Multi-factor Authentication at your discretion.
    8. Configure Issuance Authorization Rules at your discretion.
    9. After submitting the initial configuration, right-click on the Relying party trust entry and go to Properties:
      • Go to Advanced > Select Secure hash algorithm as SHA-256.
    10. Right-click on the Relying party trust entry > Edit Claim Rules.
    11. Click Add Rule:
      1. Claim rule name: Enter the name of your choice.
      2. Attribute store: Active Directory.
      3. LDAP Attribute: Display Name or E-Mail Addresses (depending on whether you are matching on email or full name).
      4. Outgoing Claim Type: FogBugzFullName or FogBugzEmail (depending on whether you are matching on email or full name).
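
To confirm that the finished trust matches the settings in the steps above, the following check can be run in PowerShell on the AD FS server. It is an added example, not part of the original article or of FogBugz; the display name FogBugz SAML and the host fogbugz.example.com are assumed values to replace with your own.

```powershell
# Added example: audits a relying party trust against the documented steps.
# Assumed values: display name 'FogBugz SAML', host 'fogbugz.example.com'.
function Test-FogBugzTrust {
    param(
        [Parameter(Mandatory)] $Trust,            # from Get-AdfsRelyingPartyTrust
        [Parameter(Mandatory)] [string] $BaseUrl  # FogBugz URL, no trailing path
    )
    $findings = @()
    $base = $BaseUrl.TrimEnd('/')

    # Overview: FogBugz must be reached over HTTPS
    if ($base -notmatch '^https://') { $findings += 'FogBugz URL is not HTTPS' }

    # Step 4: no token encryption certificate
    if ($null -ne $Trust.EncryptionCertificate) {
        $findings += 'A token encryption certificate is configured'
    }
    # Step 5: SAML 2.0 SSO service URL with POST binding
    $acs = @($Trust.SamlEndpoints | Where-Object {
        "$($_.Protocol)" -eq 'SAMLAssertionConsumer' -and
        "$($_.Binding)" -eq 'POST' -and
        "$($_.Location)".TrimEnd('/') -eq "$base/auth/SAML2/POST"
    })
    if ($acs.Count -eq 0) { $findings += "No POST endpoint at $base/auth/SAML2/POST" }

    # Step 6: relying party trust identifier
    if ($Trust.Identifier -notcontains "$base/saml-sp") {
        $findings += "Identifier $base/saml-sp is missing"
    }
    # Step 9: secure hash algorithm SHA-256
    if ("$($Trust.SignatureAlgorithm)" -notmatch 'rsa-sha256$') {
        $findings += "Signature algorithm is '$($Trust.SignatureAlgorithm)', expected SHA-256"
    }
    # Step 11: claim rule issuing FogBugzEmail or FogBugzFullName
    if ("$($Trust.IssuanceTransformRules)" -notmatch 'FogBugz(Email|FullName)') {
        $findings += 'No claim rule issues FogBugzEmail or FogBugzFullName'
    }
    $findings
}

$trust = Get-AdfsRelyingPartyTrust -Name 'FogBugz SAML'
if (-not $trust) { throw "Relying party trust 'FogBugz SAML' not found" }
$result = @(Test-FogBugzTrust -Trust $trust -BaseUrl 'https://fogbugz.example.com')
if ($result.Count) { $result | ForEach-Object { Write-Warning $_ } }
else { 'Trust matches the documented settings' }
```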