ADFS (Active Directory Federation Service) provides users with single sign-on access to systems and applications and uses claims-based authentication. With single sign-on, you can log in once and move seamlessly between supported applications.
Who can use this service
The following groups can request single sign-on authentication using ADFS (https://uwaterloo.ca/faculties-academics):
An official school
An affiliated and federated institution of the University of Waterloo
Research centers and institutes
Research groups, as defined by the Senate Graduate & Research Council
Student Societies, as listed by Waterloo Undergraduate Student Association (WUSA)
Clubs must be listed as an official club on the WUSA club listing or their respective Student Society homepage as defined
The URL for the application Metadata file or the file itself.
The claims required to be passed to the application.
Common claims that can be requested for use by applications using ADFS (others are available if not listed below):
IdP Entity ID: adfs.uwaterloo.ca
URL for IdP metadata: https://adfs.uwaterloo.ca/FederationMetadata/2007-06/FederationMetadata.xml
Federation Identifier: http://adfs.uwaterloo.ca/adfs/services/trust
IdP identifier: http://adfs.uwaterloo.ca/adfs/services/trust
IdP Entity ID: adfstest.uwaterloo.ca
URL for IdP metadata: https://adfstest.uwaterloo.ca/FederationMetadata/2007-06/FederationMetadata.xml
Note: ADFS can also be used to limit access to an application based on an Active Directory group or set of groups.
How to request this service
Complete the web form at https://uwaterloo.ca/request-tracking-system/adfs-request
Support for this service
For more information on the XML template or Apache setup, please view this knowledge base article.
Resources may be located within the IST Knowledge Base or on a website outside of this Confluence space.
About single sign-on