Here you can find instructions on how to configure TrivoreID authentication to work with Active Directory Federation Services (ADFS). Configuring ADFS itself is out of scope for this document; only the general requirements on the ADFS side are given.

Configure TrivoreID

First, select User directories from the main menu, as shown below, and click the Add directory button.

...

You will be asked to select the directory type. Select Active Directory Federation Services (ADFS).

...

Core settings

Here you can choose to enable always-enforced authentication and/or automatic logout after login from this directory. Enforced authentication asks the IdP to re-authenticate the user on every login instead of reusing an existing IdP session (ForceAuthn in SAML terms). Please note that not all SAML IdPs honour enforced authentication. Additionally, you can enter technical notes for this directory.

...

SP metadata settings

SP metadata settings consist of the SP entity ID, the SP private key and the SP certificate. TrivoreID places no requirements on the SP entity ID; any identifier will do. By convention the identifier is a URL that includes the TrivoreID service URL and the SAML authentication path, for example https://<hostname>/saml/SSO. Whatever value you choose must match exactly (including scheme and trailing path) the relying party identifier registered on the ADFS side, because ADFS matches incoming authentication requests on it.

...

TrivoreID does not place any restrictions on the private key and certificate either, but the SAML IdP you are connecting to might (for example on key size or signature algorithm). Consult the person responsible for the IdP for further information about these restrictions.

It is generally accepted practice to use self-signed certificates for SAML: the IdP trusts the certificate because it was delivered in the SP metadata, not because a CA issued it. Note the certificate's validity period, because a new certificate means re-importing the SP metadata into the IdP before the old one expires.

The SP private key and SP certificate must both be in PEM format. Use any tool of your choice to generate a self-signed certificate and private key, and keep the private key confidential; it is what TrivoreID uses to sign its SAML messages. After you have configured all SP metadata settings, you can download the automatically generated SP metadata.xml by clicking the link Download automatically generated SP metadata. You will need to import this XML file into the SAML IdP. You can make changes to the XML file if needed, as it is not cryptographically signed. For the same reason, deliver it to the IdP administrator over a channel you trust, and make sure the certificate embedded in the file is the one configured in TrivoreID, since the IdP uses it to verify TrivoreID's signatures and, if enabled, to encrypt assertions sent to it.
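The following script is an added example of the procedure above and is not part of TrivoreID's own tooling. It generates the SP private key and self-signed certificate in PEM format, confirms that the key matches the certificate, and then runs the check a practitioner should apply to the downloaded metadata.xml before importing it into ADFS: that the file names the expected entity ID and embeds exactly the generated certificate. It assumes openssl is installed; the hostname, entity ID and output directory are placeholders, and the metadata file it writes is a constructed stand-in for the real download (same element shapes, fewer elements).

```shell
#!/bin/sh
# Added example, not TrivoreID's own tooling.
# 1. Generate an SP private key and self-signed certificate in PEM format.
# 2. Check that the key matches the certificate.
# 3. Check that an SP metadata.xml carries the expected entityID and exactly
#    that certificate, which is the check to run on the file downloaded from
#    TrivoreID before importing it into ADFS.
# Assumptions: openssl is on PATH; hostname, entity ID and paths are
# placeholders (the page's example entity ID is https://<hostname>/saml/SSO).

SP_HOST="${SP_HOST:-sp.example.test}"
SP_ENTITY_ID="${SP_ENTITY_ID:-https://$SP_HOST/saml/SSO}"
OUT_DIR="${OUT_DIR:-./sp-keys}"

# 3072-bit RSA key and a self-signed certificate, both written as PEM.
# The CN is cosmetic for SAML: trust comes from the metadata exchange, not a CA.
generate_sp_keypair() {
    mkdir -p "$OUT_DIR" || return 1
    # umask 077 so the private key file is created readable by its owner only
    ( umask 077 && openssl req -x509 -newkey rsa:3072 -nodes -sha256 -days 1095 \
        -subj "/CN=$SP_HOST" \
        -keyout "$OUT_DIR/sp.key" -out "$OUT_DIR/sp.crt" >/dev/null 2>&1 ) || return 1
    chmod 644 "$OUT_DIR/sp.crt"
}

# Returns 0 when both files are PEM and the public key inside the certificate
# equals the public key derived from the private key.
verify_sp_keypair() {
    grep -q "PRIVATE KEY-----" "$OUT_DIR/sp.key" || return 1
    grep -q "BEGIN CERTIFICATE-----" "$OUT_DIR/sp.crt" || return 1
    key_pub=$(openssl pkey -in "$OUT_DIR/sp.key" -pubout 2>/dev/null | openssl dgst -sha256)
    crt_pub=$(openssl x509 -in "$OUT_DIR/sp.crt" -pubkey -noout 2>/dev/null | openssl dgst -sha256)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Base64 body of the certificate without PEM armor or line breaks, which is
# the form SAML metadata uses inside <ds:X509Certificate>.
cert_body() {
    grep -v -- '-----' "$OUT_DIR/sp.crt" | tr -d '\r\n'
}

# Constructed stand-in for the metadata.xml TrivoreID generates (shape only;
# the real file has more elements). Written so the check below runs offline.
write_sample_metadata() {
    cat > "$OUT_DIR/metadata.xml" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="$SP_ENTITY_ID">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>$(cert_body)</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="$SP_ENTITY_ID" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
EOF
}

# Returns 0 when the metadata file names the expected entityID and embeds
# exactly the certificate in sp.crt. Run it on the real download as well:
# the file is unsigned, so nothing else catches a stale or edited certificate.
check_metadata() {
    file="${1:-$OUT_DIR/metadata.xml}"
    grep -q "entityID=\"$SP_ENTITY_ID\"" "$file" || return 1
    embedded=$(tr -d ' \t\r\n' < "$file" \
        | sed -n 's/.*<\(ds:\)*X509Certificate>\([^<]*\)<.*/\2/p')
    [ -n "$embedded" ] && [ "$embedded" = "$(cert_body)" ]
}

generate_sp_keypair && verify_sp_keypair && write_sample_metadata && check_metadata \
    && echo "SP key, certificate and metadata are consistent for $SP_ENTITY_ID"
```

Point check_metadata at the real file (check_metadata path/to/downloaded-metadata.xml) after downloading it from TrivoreID; if the ADFS administrator edits the file before import, run the same check on their copy, since a changed entityID or certificate will only surface later as a signature validation failure at the IdP.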