SAMPLE WALK-THROUGH

ARTIFACTORY: How do I configure Artifactory SAML SSO with ADFS 2022?

Author: Loren Yeung
Article number: 000001563
Source type: Salesforce
First published: 2016-10-06T13:35:56Z
Last modified: 2021-09-13
Version: 8

1. Open the ADFS Management Console.
2. In the tree browser on the left, navigate to "Relying Party Trusts".
3. Click "Add Relying Party Trust" (in the "Actions" pane on the right side of the console).
4. In the "Add Relying Party Trust Wizard" dialog, select "Claims aware", then click "Start".
5. Select "Enter data about the relying party manually" and click "Next".
6. Choose any "Display name" and click "Next".
7. Skip the certificate step and click "Next".
8. Choose "Enable support for the SAML 2.0 WebSSO protocol", enter "https://{PLATFORM_URL}/artifactory/webapp/saml/loginResponse" in the URL text box, and click "Next".

(Example of {PLATFORM_URL}: https://yourcompany.jfrog.io/yourcompany or https://yourcompany.local:8443/artifactory)

9. In the "Relying party trust identifier" text box, enter "https://{PLATFORM_URL}", click "Add", then click "Next".


10. Choose "Permit everyone" and click "Next".
11. Click "Next".
12. Choose "Close".
13. In the "Edit Claim Issuance Policy" dialog, click "Add Rule…".
14. In the "Claim rule template" drop-down list, choose "Send LDAP attributes as claims" and click "Next".
15. Fill in any "Claim rule name" and, in the "Attribute store" drop-down list, choose "Active Directory".
16. In the "Mapping of LDAP attributes…" section, choose "SAM-Account-Name" or "Email Address" as the "LDAP attribute". In the "Outgoing claim type" drop-down list, choose "Name ID" and click "Finish".

17. Add another rule, this time choosing "Transform an incoming claim", and click "Next".


18. Fill in a name, set the "Incoming claim type" field to "E-Mail Address" and the "Outgoing claim type" field to "Name ID", then click "Finish".

  • You can change the "Incoming claim type" attribute to "Windows Account Name" if you want your Artifactory user to appear under the Windows account name instead of the email address.
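
The same relying party trust can be created from PowerShell, which keeps the settings reviewable and repeatable. This is an added example, not part of the original article or JFrog's own tooling; it assumes the AD FS PowerShell module on the primary federation server, uses the SAM-Account-Name option from step 16, and the host name `artifactory.example.com` and the trust name are placeholders.

```powershell
# Added example: scripted equivalent of GUI steps 1-18.
# Run in an elevated session on the primary AD FS server.
Import-Module ADFS

# Placeholders (assumptions, not values from the article)
$PlatformUrl = 'artifactory.example.com'   # stands in for {PLATFORM_URL}
$TrustName   = 'Artifactory SAML SSO'      # step 6: any display name

$acsUrl     = "https://$PlatformUrl/artifactory/webapp/saml/loginResponse"  # step 8
$identifier = "https://$PlatformUrl"                                       # step 9

# Steps 13-16: "Send LDAP attributes as claims", SAM-Account-Name -> Name ID.
# Steps 17-18: "Transform an incoming claim", E-Mail Address -> Name ID.
# Single-quoted here-string so {0} and the quotes reach AD FS unchanged.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "SAM-Account-Name as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";sAMAccountName;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "E-Mail Address to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
'@

# Step 8: SAML 2.0 WebSSO assertion consumer endpoint (POST binding)
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $acsUrl

# Do not silently create a second trust for an identifier that already exists
if (Get-AdfsRelyingPartyTrust -Identifier $identifier) {
    throw "A relying party trust with identifier $identifier already exists."
}

# Steps 3-12: create the trust; step 10 maps to the "Permit everyone" policy
Add-AdfsRelyingPartyTrust -Name $TrustName `
    -Identifier $identifier `
    -SamlEndpoint $endpoint `
    -AccessControlPolicyName 'Permit everyone' `
    -IssuanceTransformRules $rules

# Read the trust back and confirm it matches what the GUI steps would produce
Get-AdfsRelyingPartyTrust -Name $TrustName |
    Format-List Name, Identifier, Enabled, AccessControlPolicyName, IssuanceTransformRules
```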
 