What is ADFS Claims Provider Trust
In this blog we will learn what an ADFS Claims Provider Trust is, how to create a Claims Provider Trust in ADFS, how to create claim rules for a claims provider trust, and what the difference is between a Claims Provider Trust and a Relying Party Trust.
Watch video
Join us on our YouTube channel and watch this deep dive video on Claims Provider Trust and how to create a claims provider trust on an ADFS server.
What is ADFS Claims Provider Trust
By definition, a Claims Provider Trust is the medium the ADFS server uses to connect to Active Directory (or another claims provider) in order to obtain claims.
Let’s consider one example to understand Claims Provider Trust in ADFS.
Let’s assume we have integrated an application with the ADFS server. The application holds the Federation Metadata of the ADFS server, and the ADFS server has a Relying Party Trust created for this application. The application now knows that whenever a user from this organization asks for access, it must send that user to this ADFS server. The ADFS server, in turn, knows that for any request coming from this application it must issue a security token containing the claims.
To obtain those claims, ADFS reaches out to Active Directory. The ADFS server asks Active Directory to authenticate the user and, in return, to issue particular claims. The medium the ADFS server uses to reach Active Directory, or any other claims provider, is called a Claims Provider Trust.
Important: When the ADFS server is installed, Active Directory is automatically added as a claims provider trust in ADFS, and this trust cannot be disabled.
How to create a Claims Provider Trust in AD FS server
To view the existing Claims Provider Trusts on the ADFS server, open the ADFS Management console, expand Service and click Claims Provider Trusts.
To create another Claims Provider Trust, click Add Claims Provider Trust on the same page, as shown below.
On Welcome page click Start.
On the Select Data Source page, you get three options for adding the claims provider trust. The first option is for when you have an online link to the claims provider's federation metadata: select it and enter the URL. The second option is for when you have the claims provider's metadata as an XML file. If you have neither, select the third option and enter the data manually. Once done, click Next.
On the Specify Display Name page, type a name for the Claims Provider Trust and click Next.
On the Configure URL page, specify the WS-Federation Passive URL (https://office365concepts.com/adfs/ls/) and click Next.
On the Configure Identifier page, type the identifier for the Claims Provider Trust and click Next.
On the Configure Certificates page, click Add to locate a certificate file and add it to the list of certificates, and then click Next.
On the Ready to Add Trust page, click Next, and then click Finish on the Finish page.
Creating Claim Rules for a Claims Provider Trust
After we create a claims provider trust, we need to create claim rules. Claim rules define which claims the ADFS server will request from this claims provider, and which claims issued by this claims provider the ADFS server will accept.
To add claim rules, select the Claims Provider Trust and click Edit Claim Rules.
To create a claim rule, please follow instructions in this link.
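The wizard steps above, together with the claim rules for the new trust, can also be scripted with the ADFS PowerShell module on the federation server. This is an added example, not code from the original post; the display name, identifier and certificate path are placeholders, and only the WS-Federation Passive URL comes from the walkthrough.

```powershell
# Added example: create a Claims Provider Trust and its claim rules with the ADFS module.
# Values marked PLACEHOLDER are assumptions; replace them with the partner's real values.
Import-Module ADFS

$displayName = 'Partner IdP'                                      # PLACEHOLDER display name
$identifier  = 'https://partner.example.com/adfs/services/trust'  # PLACEHOLDER identifier (the partner's federation service identifier)
$wsFedUrl    = 'https://office365concepts.com/adfs/ls/'            # WS-Federation Passive URL used in the walkthrough
$certPath    = 'C:\certs\partner-token-signing.cer'                # PLACEHOLDER path to the partner's token-signing certificate

# Load the certificate that ADFS will trust to sign incoming tokens. Every token signed
# with this key is accepted as coming from the claims provider, so confirm the thumbprint
# with the partner out of band before committing the trust.
$signingCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath
"Token-signing thumbprint: $($signingCert.Thumbprint)  Expires: $($signingCert.NotAfter)"

# Manual configuration, equivalent to the wizard's third data-source option.
Add-AdfsClaimsProviderTrust -Name $displayName `
                            -Identifier $identifier `
                            -TokenSigningCertificate $signingCert `
                            -WSFedEndpoint $wsFedUrl

# Acceptance transform rules are the claim rules of a claims provider trust: they decide
# which incoming claims ADFS accepts from this provider. Pass through only what is needed.
$rules = @'
@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through UPN from partner"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);
'@
Set-AdfsClaimsProviderTrust -TargetName $displayName -AcceptanceTransformRules $rules

# Review all claims provider trusts. Active Directory (identifier AD AUTHORITY) is always
# listed, because it is added at installation and cannot be disabled.
Get-AdfsClaimsProviderTrust |
    Select-Object Name, Identifier, Enabled, WSFedEndpoint,
        @{ n = 'SigningCertThumbprints'; e = { ($_.TokenSigningCertificates | ForEach-Object Thumbprint) -join ',' } } |
    Format-Table -AutoSize
```

Re-running the last command periodically is a simple way to spot a claims provider trust or signing certificate that nobody remembers adding.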
Difference between Claims Provider Trust and Relying Party trust
A Claims Provider Trust is the medium the ADFS server uses to connect to Active Directory (or another claims provider) in order to obtain claims.
A Relying Party Trust identifies which applications are authorized to communicate with the ADFS server. It is a trust between the ADFS server and an application that tells the ADFS server to accept requests from that application and to issue tokens to it.
Conclusion
In this blog we learnt what an ADFS Claims Provider Trust is, how to create a claims provider trust in the ADFS Management console, how to create claim rules for a claims provider trust, and what the difference is between a claims provider trust and a relying party trust.
Found this article helpful and informative? Please share it within your community, join us on YouTube for videos on cloud technologies, and join our newsletter for early access to blogs and updates.
ADFS related articles
We welcome you to browse our other articles on ADFS (Active Directory Federation Services):
What is ADFS
What is federation trust in ADFS
ADFS deployment types
How to install ADFS on Windows Server 2016
ADFS claims based architecture
Set up ADFS for Microsoft 365 for Single Sign-On
ADFS endpoints explained
What is ADFS relying party trust, ADFS Claim Rules
ADFS Authentication Flow
What is ADFS Federation Metadata
Happy Learning!!