Configuring SharePoint 2013 for AD FS authentication
Complete the following steps to configure SharePoint 2013 for AD FS authentication:
Execute all the commands that are listed in this section on a single instance of SharePoint 2013 Management Shell.
- Enter the following code to import the AD FS token-signing certificate (the public certificate exported from the AD FS server, without its private key) using SharePoint 2013 Management Shell:
- $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 ("<PathToSigningCert>")
- New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert

- To define the unique identifier for mapping claims using SharePoint 2013 Management Shell, enter the following code to set UPN as the claim type:
- $upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming
You can set different incoming claim types for SharePoint. Refer to the Microsoft documentation for additional information.
- To create a new authentication provider in your SharePoint farm to communicate with AD FS using SharePoint 2013 Management Shell, enter the following code:
- $realm = "urn:sharepoint:contoso"
- $signInURL = "https://<YourADFSServerName>/adfs/ls"
- $ap = New-SPTrustedIdentityTokenIssuer -Name "<ProviderName>" -Description "<ProviderDescription>" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $upnClaimMap -SignInURL $signInURL -IdentifierClaim $upnClaimMap.InputClaimType
Some of the parameters in the preceding code have the following significance:
- The Name value appears in your SharePoint web application as the Trusted Identity Token Issuer.
- The realm parameter is the relying party trust identifier that you use with this particular provider. It must match the identifier configured on the relying party trust in AD FS exactly (no leading or trailing spaces), or AD FS will not issue tokens for SharePoint. Each web application or host-named site collection that you create has its own realm.
- The ImportTrustCertificate parameter is the token-signing certificate that you copy from the AD FS server and pass to the application. If that certificate was issued by a CA rather than self-signed, the issuing CA certificate must also be registered with New-SPTrustedRootAuthority, because SharePoint validates the full chain.
- The IdentifierClaim parameter informs SharePoint which claim submitted by the user is used to identify users.
In the claim-mapping and token-issuer commands above (Step 2 and Step 3 of this procedure), UPN is used as the claim attribute. There are other claim attribute types that you can set for SharePoint. Refer to the Microsoft documentation for additional information.
- Enter the command Get-SPTrustedIdentityTokenIssuer to check the updated details.
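The following script is an added example that runs the whole procedure above end to end in SharePoint 2013 Management Shell, with the checks an administrator would want before trusting a certificate and after creating the issuer. It is not the page's own code. The certificate path, provider name, realm and AD FS host name are placeholders that you must replace; the property names read back in the verification step (SigningCertificate, DefaultProviderRealm, ProviderUri, IdentityClaimTypeInformation) are those exposed by the SPTrustedLoginProvider object that Get-SPTrustedIdentityTokenIssuer returns.

```powershell
# Added example (not from the original page): AD FS trust setup for SharePoint 2013
# with pre- and post-checks. All values below are assumed placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath     = "C:\certs\adfs-token-signing.cer"   # public cert exported from AD FS (assumed path)
$providerName = "ADFS Provider"                      # assumed provider name
$realm        = "urn:sharepoint:contoso"             # must equal the relying party identifier in AD FS
$adfsHost     = "adfs.contoso.com"                   # assumed AD FS host name
$signInUrl    = "https://$adfsHost/adfs/ls"
$upnClaim     = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"

# 1. Load the token-signing certificate and sanity-check it before trusting it.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 ($certPath)
if ($cert.HasPrivateKey) {
    throw "Only the public token-signing certificate should leave the AD FS server"
}
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning ("Token-signing certificate expires on {0}; plan for AD FS certificate rollover" -f $cert.NotAfter)
}
Write-Host ("Trusting {0} (thumbprint {1})" -f $cert.Subject, $cert.Thumbprint)

# 2. Register the certificate and any issuing CA above it as trusted root authorities.
#    SharePoint validates the whole chain, so a CA-issued signing cert needs its issuers too.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
[void]$chain.Build($cert)
foreach ($element in $chain.ChainElements) {
    $c    = $element.Certificate
    $name = "AD FS Trust " + $c.Thumbprint          # thumbprint in the name keeps re-runs idempotent
    if (-not (Get-SPTrustedRootAuthority -Identity $name -ErrorAction SilentlyContinue)) {
        New-SPTrustedRootAuthority -Name $name -Certificate $c | Out-Null
    }
}

# 3. Map the incoming UPN claim to a SharePoint claim of the same type.
$upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType $upnClaim `
    -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming

# 4. Create the trusted identity token issuer; refuse to overwrite an existing one silently.
if (Get-SPTrustedIdentityTokenIssuer -Identity $providerName -ErrorAction SilentlyContinue) {
    throw "A trusted identity token issuer named '$providerName' already exists"
}
$ap = New-SPTrustedIdentityTokenIssuer -Name $providerName `
    -Description "AD FS federated sign-in" `
    -Realm $realm `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $upnClaimMap `
    -SignInUrl $signInUrl `
    -IdentifierClaim $upnClaimMap.InputClaimType

# 5. Read back what SharePoint stored and compare it with what AD FS expects.
$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $providerName
$issuer | Format-List Name, DefaultProviderRealm, ProviderUri
if ($issuer.SigningCertificate.Thumbprint -ne $cert.Thumbprint) {
    throw "Stored signing certificate does not match $certPath"
}
if ($issuer.IdentityClaimTypeInformation.InputClaimType -ne $upnClaim) {
    throw "Identifier claim is not the UPN claim"
}
Write-Host "Trusted identity token issuer '$providerName' created; enable it on the web application next."
```

The realm and sign-in URL are the two values most often mistyped; the realm string must be byte-for-byte identical to the relying party identifier on the AD FS side, which is why the example defines it once with no surrounding whitespace. Creating the issuer does not yet let anyone sign in: it still has to be enabled as an authentication provider on the target web application.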