Web-based central authentication

The following groups can request single sign-on authentication using ADFS (https://uwaterloo.ca/faculties-academics ):

• A faculty

• An official school 

• An affiliated and federated institution of the University of Waterloo

• Research centers and institutes

• Research groups, as defined by the Senate Graduate & Research Council

• Student Societies, as listed by Waterloo Undergraduate Student Association (WUSA)

• WUSA

  • Clubs must be listed as an official club on the WUSA club listing or their respective Student Society homepage as defined

1. The URL for the application Metadata file or the file itself.

2. The claims required to be passed to the application.

Common claims that can be requested for use by applications using ADFS, others are available if not listed below:

• Group

• emailaddress

• surname

• givenname

• samaccountname

• EmployeeID

• StudentID

• UPN

ADFS information required for the application:

Production

• IdP Entity ID: adfs.uwaterloo.ca

• URL for IdP metadata: https://adfs.uwaterloo.ca/FederationMetadata/2007-06/FederationMetadata.xml

• Federation Identifier: http://adfs.uwaterloo.ca/adfs/services/trust

• IDP identifier: http://adfs.uwaterloo.ca/adfs/services/trust

Development

• IdP Entity ID: adfstest.uwaterloo.ca

• URL for IdP metadata:​​​ https://adfstest.uwaterloo.ca/FederationMetadata/2007-06/FederationMetadata.xml

Note: ADFS can also be used to limit access to an application based on an active directory group or set of groups.

Complete the web form at https://uwaterloo.ca/request-tracking-system/adfs-request

Complete the web form at https://uwaterloo.ca/request-tracking-system/adfs-request

For more information on the XML template or Apache set up, please view this knowledge base article. 

No cost.