Tags: binding, adfs, google-search-appliance, resolver

How do I set up HTTP artifact binding in ADFS 3.0?


I am trying to understand what steps are involved in enabling HTTP artifact binding in ADFS 3.0 that could resolve my SAML assertion sending via GSA (Google Search Appliance). I need to provide an "Artifact Resolver URL" to GSA, so I need to know what steps are involved in ADFS 3.0 to make this URL work.

I see the document below, which talks about this in section 4.8, but that did not help me, and it is also for ADFS 2.0.

http://download.microsoft.com/documents/France/Interop/2010/Using_ADFS2_0_For_Interoperable_SAML_2_0-Based_Federated_SSO.docx

https://SAML-hostname:port/saml-bridge/Resolve.aspx

Solution

  • The steps for ADFS 2 and 3 are much the same.

    You have to run ADFS on SQL Server, not WID.

    The process is described here: SP-initiated Single Sign-On POST/Artifact Bindings.

    Also, ADFS is an SP, not an IDP, in this scenario.

    Basically:

    • ADFS sends AuthnRequest
    • User authenticates on IDP
    • When ADFS gets a successful response, it sends the artifact to the IDP over a back-channel WS-Trust SOAP connection
    • IDP replies with assertions (claims)
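
The back-channel step above starts from the artifact itself, so the receiving side should validate it before calling any Artifact Resolver URL. The following is an added example, not part of the original answer and not ADFS or GSA code: it decodes a SAML 2.0 type 0x0004 artifact (TypeCode, EndpointIndex, 20-byte SourceID, 20-byte MessageHandle) and returns a resolver URL only when the SourceID matches a trusted issuer. The entityID and trust table are constructed for illustration; the resolver URL is the placeholder from the question.

```python
import base64
import binascii
import hashlib
import hmac
import os
import struct

# Constructed trust table: issuer entityID -> {EndpointIndex: resolver URL}.
# The entityID is hypothetical; the URL is the placeholder from the question.
TRUSTED_ISSUERS = {
    "https://idp.example.test/saml": {
        0: "https://SAML-hostname:port/saml-bridge/Resolve.aspx",
    },
}

def source_id(entity_id: str) -> bytes:
    """SourceID of a type 0x0004 artifact: SHA-1 of the issuer's entityID."""
    return hashlib.sha1(entity_id.encode("utf-8")).digest()

def parse_artifact(samlart: str) -> dict:
    """Decode a SAMLart value and check the fixed type 0x0004 layout."""
    try:
        raw = base64.b64decode(samlart, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("artifact is not valid base64") from exc
    if len(raw) != 44:
        raise ValueError("type 0x0004 artifact must be 44 bytes")
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != 0x0004:
        raise ValueError("unsupported artifact type code")
    return {"endpoint_index": endpoint_index,
            "source_id": raw[4:24], "message_handle": raw[24:44]}

def resolver_for(samlart: str) -> tuple:
    """Return (issuer entityID, resolver URL) for a trusted issuer only."""
    art = parse_artifact(samlart)
    for entity_id, endpoints in TRUSTED_ISSUERS.items():
        if hmac.compare_digest(source_id(entity_id), art["source_id"]):
            if art["endpoint_index"] not in endpoints:
                raise ValueError("unknown EndpointIndex for issuer")
            return entity_id, endpoints[art["endpoint_index"]]
    raise ValueError("artifact SourceID matches no trusted issuer")

def make_sample_artifact(entity_id: str, index: int = 0) -> str:
    """Build a constructed artifact for testing (random MessageHandle)."""
    raw = struct.pack(">HH", 0x0004, index) + source_id(entity_id) + os.urandom(20)
    return base64.b64encode(raw).decode("ascii")
```

Rejecting artifacts whose SourceID or EndpointIndex is not in the trust table keeps an untrusted SAMLart value from triggering an outbound resolve request to an endpoint you did not configure.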