Configuring ADFS

The connection between ADFS and HackEDU is defined using a Relying Party Trust (RPT).

To add a relying party trust to the ADFS configuration, perform the following:

Select the Relying Party Trusts folder from ADFS Management and add a new Standard Relying Party Trust. This starts the configuration wizard for a new trust.

Click Start. The Select Data Source screen is displayed.

Select the last option, Enter Data About the Party Manually and click Next. The Specify Display Name screen is displayed.

Enter the Display Name as HackEDU.

You can also enter any notes that you want to make.

Click Next. The Choose Profile screen is displayed.

Select the ADFS 2.0 profile option and click Next. The Configure Certificate screen is displayed.

Leave the default setting and click Next. The Configure URL screen is displayed.

Select the last option, Enable Support for the SAML 2.0 WebSSO protocol.

Add the following: https://auth.hackedu.com/saml2/idpresponse

Click Next. The Configure Identifiers screen is displayed.

Add the following: urn:amazon:cognito:sp:us-east-1_CHi5tsM8X into the Relying party identifier field and click Add.

Click Next.

In the Configure Multifactor Authentication screen, leave the default setting and click Next. The Issuance Authorization Rules screen is displayed.

Select the first option, Permit all users to access the relying party. Click Next. The Ready to Add Trust screen is displayed.

This screen displays an overview of your settings. Click Next. The Finish screen is displayed.

Leave the default setting and click Close to exit. This last action opens the Claim Rules editor.

By default, the Claim Rule Editor opens once you have created the relying party trust.

To create a new rule, click Add Rule. The Select Rule Template screen is displayed.

Select the Send LDAP Attributes as Claims template from the Claim rule template drop-down. The Edit Rule dialog is displayed.

Enter a Claim rule name (e.g. Rule 1).

Select Active Directory from the Attribute store drop-down.

Now map the following attributes to the rule:

  1. From the first LDAP Attribute column, select SAM-Account-Name
  2. From the first Outgoing Claim Type, select Windows account name
  3. From the second LDAP Attribute column, select E-Mail Address
  4. From the second Outgoing Claim Type, select E-Mail Address

Click OK to save the new rule.

From the Claim Rule Editor, click Add Rule to add another rule. The Select Rule Template screen is displayed.

This time select the Transform an Incoming Claim template from the Claim rule template drop-down. The Configure Rule dialog is displayed.

Enter a Claim rule name (e.g. Rule 2).

Select Active Directory from the Attribute store drop-down.

Now define the following settings for the rule:

  1. From the Incoming claim type drop-down, select E-Mail Address
  2. From the Outgoing claim type drop-down, select Name ID
  3. From the Outgoing name ID format drop-down, select E-Mail

Leave the default Pass through all claim values setting.

Click OK to save the new rule. The rule order should look similar to the following example.

Click OK again to finish creating rules.
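
The same trust and claim rules can also be created with the AD FS PowerShell module, which makes the configuration reviewable and repeatable. The script below is an added example, not part of the original HackEDU instructions. It assumes an AD FS version that uses issuance authorization rules (as in the wizard above), the POST binding for the SAML endpoint, and claim rule text in the form the two wizard templates normally generate.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Assumption: run in an elevated session on the primary AD FS server.
Import-Module ADFS

$name       = 'HackEDU'
$identifier = 'urn:amazon:cognito:sp:us-east-1_CHi5tsM8X'
$acsUrl     = 'https://auth.hackedu.com/saml2/idpresponse'

# SAML 2.0 WebSSO assertion consumer endpoint (POST binding assumed).
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $acsUrl

# Rule 1: SAM-Account-Name -> Windows account name, E-Mail Address -> E-Mail Address.
# Rule 2: E-Mail Address -> Name ID in E-Mail format, passing all values through.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Rule 1"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
    types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
    query = ";sAMAccountName,mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Rule 2"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType,
    Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# "Permit all users to access the relying party" from the wizard.
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name $name -Identifier $identifier -SamlEndpoint $endpoint `
    -IssuanceTransformRules $transformRules -IssuanceAuthorizationRules $authzRules

# Read the trust back and confirm the identifier, endpoint and rules match the values above.
Get-AdfsRelyingPartyTrust -Name $name |
    Format-List Name, Identifier, Enabled, SamlEndpoints, IssuanceTransformRules, IssuanceAuthorizationRules
```

The final Get-AdfsRelyingPartyTrust call is also useful on its own after completing the wizard, to check that only the intended identifier and endpoint URL are registered on the trust.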

Automatically Sync Teams to HackEDU (optional)

If you want to automatically sync Teams from your SSO provider to HackEDU, follow these instructions.

Upload HackEDU Metadata File

Download the SAML metadata document for your ADFS federation server from the following address: https://[yourservername]/FederationMetadata/2007-06/FederationMetadata.xml

You can follow the instructions on this page to upload your Metadata File in the HackEDU Admin Dashboard.
