How to specify Relying Party Identifier / ACS URL in SAML Authentication Request (from ADFS 4.0 to third party IDP)?

  • Question

  • Environment: AD FS 4.0, Windows Server 2016

    Subject: SAML Integration between ADFS as a Service Provider, our IDP (SafeNet Trusted Access) as an Identity Provider and Salesforce as a protected application (added in ADFS)

    Use-case overview: Salesforce sends an Authentication Request (Request no. 1) to ADFS, then AD FS sends an Authentication Request (Request no. 2) to SafeNet Trusted Access. After successful authentication from our IDP, the IDP sends a SAML response (Response no. 1) to AD FS, then ADFS sends a SAML response (Response no. 2) to Salesforce. After this, we are successfully logged into the Salesforce account using SAML SSO.

    Desired task: We want our IDP to know which target application (for example, Salesforce) has been triggered, or for which application the user has requested access. In the normal SSO flow, ADFS does not send the target application URL or Identifier to the third-party IDP. So, our motive is to configure ADFS in such a way that AD FS sends the target resource (for example, Salesforce) URL or Identifier to our IDP in the SAML Authentication Request (Request no. 2).

    Progress up till now: The normal end-to-end SAML SSO flow is working. Tried some of the PowerShell commands to customize the SAML Request for the target application URL, no working solution yet.

    Please share your suggestions, how can I configure this in AD FS 2016?

    Waiting for your response

    Thanks & Regards
    Ayush Mahawar
    Software Engineer
    Friday, July 5, 2019 11:34 AM
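To make the question concrete, the following is an added example (not code from the poster, from AD FS or from SafeNet Trusted Access) that parses a constructed SAML 2.0 AuthnRequest of the kind Request no. 2 would be, and shows which identifiers such a request carries. The Issuer and AssertionConsumerServiceURL name the entity that sent it (the intermediary AD FS), not the application behind it; the only place the SAML 2.0 Core specification (section 3.4.1.2, the Scoping element) defines for "the requester on whose behalf this request is made" is the optional `<samlp:Scoping>/<samlp:RequesterID>` element. Whether AD FS can be configured to emit it is not established here; the example only shows what an upstream IdP would have to look at, and adds the checks an IdP should make before honouring the request (Issuer registered, ACS URL matching that registration rather than trusting the request's own value, Destination equal to its own endpoint). All entity IDs and URLs are placeholders.

```python
"""Inspect a SAML 2.0 AuthnRequest and report which parties it identifies.

Added illustration; the XML below is constructed, not captured from AD FS.
"""
from typing import Dict, List, Optional, Set
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample of the request an SP/proxy sends upstream, carrying
# the standard Scoping/RequesterID element for the downstream application.
AUTHN_REQUEST_WITH_SCOPING = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="_example-request-id-1" Version="2.0" IssueInstant="2019-07-05T11:34:00Z"
    Destination="https://idp.example.test/saml/sso"
    AssertionConsumerServiceURL="https://adfs.example.test/adfs/ls/"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
  <samlp:Scoping>
    <samlp:RequesterID>https://saml.salesforce.example.test</samlp:RequesterID>
  </samlp:Scoping>
</samlp:AuthnRequest>"""

# Same request without Scoping: nothing in it names the downstream application.
AUTHN_REQUEST_PLAIN = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="_example-request-id-2" Version="2.0" IssueInstant="2019-07-05T11:34:00Z"
    Destination="https://idp.example.test/saml/sso"
    AssertionConsumerServiceURL="https://adfs.example.test/adfs/ls/"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
</samlp:AuthnRequest>"""

# Hypothetical IdP-side registration: issuer entity ID -> ACS URLs from its metadata.
REGISTERED_SPS: Dict[str, Set[str]] = {
    "http://adfs.example.test/adfs/services/trust": {"https://adfs.example.test/adfs/ls/"},
}
IDP_SSO_ENDPOINT = "https://idp.example.test/saml/sso"  # placeholder


def describe_authn_request(xml_text: str) -> dict:
    """Extract the identifying fields of an AuthnRequest into a plain dict."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    issuer = root.find(f"{{{SAML}}}Issuer")
    requester_ids = [
        e.text.strip()
        for e in root.findall(f"{{{SAMLP}}}Scoping/{{{SAMLP}}}RequesterID")
        if e.text
    ]
    return {
        "id": root.get("ID"),
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "requester_ids": requester_ids,
    }


def downstream_application(xml_text: str) -> Optional[str]:
    """The application behind the proxy, if the request declares one via RequesterID."""
    ids = describe_authn_request(xml_text)["requester_ids"]
    return ids[0] if ids else None


def validate_for_idp(
    xml_text: str,
    registered_sps: Dict[str, Set[str]] = REGISTERED_SPS,
    sso_endpoint: str = IDP_SSO_ENDPOINT,
) -> List[str]:
    """Checks an IdP should make before issuing a response; empty list means OK."""
    info = describe_authn_request(xml_text)
    problems: List[str] = []
    if info["issuer"] not in registered_sps:
        problems.append(f"unknown issuer {info['issuer']!r}")
    elif info["acs_url"] and info["acs_url"] not in registered_sps[info["issuer"]]:
        # Never deliver the assertion to an ACS URL that is not in the SP's metadata.
        problems.append("AssertionConsumerServiceURL not registered for this issuer")
    if info["destination"] != sso_endpoint:
        problems.append("Destination does not match this IdP's SSO endpoint")
    return problems


if __name__ == "__main__":
    for label, req in (("with Scoping", AUTHN_REQUEST_WITH_SCOPING), ("plain", AUTHN_REQUEST_PLAIN)):
        print(label, describe_authn_request(req), "problems:", validate_for_idp(req))
```

Run as a script, the "plain" request reports a registered issuer and a clean validation but no downstream application, which is the situation described in the question: the upstream IdP sees AD FS, not Salesforce, unless the intermediary adds something like RequesterID to the request.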