Description

ADFS Configuration:

In ADFS, create a new "Relying Party Trust" for Enterprise Vault Search with below settings:

1. Type: Claims Aware

2. Select Data Source: Enter data about the relying party manually

3. Display Name: Enterprise Vault Search

4. Configure Certificate: No need to configure certificate 

5. Configure URL: Check "Enable support for SAML 2.0 WebSSO protocol"

Relying party SAML 2.0 SSO Service URL: https:///EnterpriseVault/Search/SamlAcs.aspx

6. Relying party trust identifier: https:///EnterpriseVault/Search

Note: The SSO Service URL and Relying party trust identifier specified above are case sensitive and needs to be in the same case as specified in Web.Config file on EV Server. (EVInstallDirectory\EVSearch\EVSearchClient\Web.Config)

7. Choose Access Control Policy: Permit everyone

8. Ready to Add Trust: Click next

9. Finish: Check "Configure claims issuance policy for this application" and click on Close.

10. Right click on newly created Relying party trust and click on "Edit Claim Issuance Policy for Enterprise Vault Search"

11. Choose Rule Type: Send LDAP Attributes as Claims

12. Configure Claim Rule: 

    Claim Rule Name: UPN
    Attribute store: Active Directory
    LDAP Attribute: User-Principal Name
    Outgoing Claim: UPN

13. Click on Finish.

14. You can browse ADFS Federation Metadata endpoint URL to download the configuration file which can be used later for configuring SSO in EV:

https://adfsurl/FederationMetadata/2007-06/FederationMetadata.xml

SSO Configuration on EV Server:

1. For initial configuration of SSO in EV, review the Enterprise Vault™ Installing and Configuring Guide - Configuring Single Sign-On.

2. Once done, go to EV Site - Properties - Single Sign-On and Click on Configure

3. Click on Advanced and Specify Attribute name as: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn

4. Restart IIS.

5. Test Enterprise Vault Search.