Configuring SharePoint 2013 for AD FS authentication

Complete the following steps to configure SharePoint 2013 for AD FS authentication:
Execute all the commands that are listed in this section on a single instance of SharePoint 2013 Management Shell.
  1. Enter the following code to import the AD FS Token Signing Certificate using SharePoint 2013 Management Shell:
    • $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 ("<PathToSigningCert>")
    • New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
  2. To define the unique identifier for mapping claims using SharePoint 2013 Management Shell, enter the following code to set UPN as the claim type:
    $upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming
    You can set different incoming claim types for SharePoint. Refer to the Microsoft documentation for additional information.
  3. To create a new authentication provider in your SharePoint farm that communicates with AD FS, enter the following code in SharePoint 2013 Management Shell:
    • $realm = "urn:sharepoint:contoso"
    • $signInURL = "https://<YourADFSServerName>/adfs/ls"
    • $ap = New-SPTrustedIdentityTokenIssuer -Name <ProviderName> -Description <ProviderDescription> -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $upnClaimMap -SignInURL $signInURL -IdentifierClaim $upnClaimMap.InputClaimType
    Some of the parameters in the preceding code have the following significance:
    The Name value appears in your SharePoint web application as the Trusted Identity Token Issuer.
    The Realm parameter is the relying party trust identifier that you use with this particular provider; it must match the identifier configured for the relying party trust on the AD FS server exactly. Each web application or host-named site collection that you create has its own realm.
    The ImportTrustCertificate parameter is the token signing certificate that you copy from the AD FS server and pass to the application. Only the public certificate is needed; do not copy the private key off the AD FS server.
    The IdentifierClaim parameter informs SharePoint which of the claims submitted for a user is used to identify that user.
  4. In the commands listed in Step 2 and Step 3 of this procedure, UPN is used as the claim attribute. There are other claim attribute types that you can set for SharePoint. Refer to the Microsoft documentation for additional information.
  5. Enter the command Get-SPTrustedIdentityTokenIssuer to check the updated details.
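The following script is an added example, not code from the original page or from Microsoft; it runs Steps 1 through 5 as one unit in SharePoint 2013 Management Shell and adds the checks a practitioner would want before creating the trust: that the certificate file holds no private key, that the token signing certificate has not expired, that the root authority is not registered twice, and a readback of what the farm actually recorded. The certificate path, AD FS host name, realm and provider name are placeholders (assumptions) that you must replace with your own values.

```powershell
# Added example (not from the original page). Assumed values are marked below.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath     = "C:\certs\adfs-token-signing.cer"   # assumption: public cert (.cer) exported from AD FS
$adfsHost     = "adfs.contoso.com"                  # assumption: your AD FS server name
$realm        = "urn:sharepoint:contoso"            # must match the relying party identifier in AD FS exactly
$signInURL    = "https://$adfsHost/adfs/ls"         # AD FS passive sign-in endpoint, HTTPS only
$providerName = "Contoso AD FS"                     # assumption: shown as the Trusted Identity Token Issuer

# Step 1: load the AD FS token signing certificate and sanity-check it.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
if ($cert.HasPrivateKey) {
    throw "Certificate file contains a private key; import the public token signing certificate (.cer) only."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Token signing certificate expired on $($cert.NotAfter); export the current one from AD FS."
}
# Compare this value with Get-AdfsCertificate -CertificateType Token-Signing on the AD FS server.
Write-Host "Token signing certificate thumbprint: $($cert.Thumbprint)"

# New-SPTrustedRootAuthority fails on a duplicate name, so register only if absent.
if (-not (Get-SPTrustedRootAuthority -Identity "Token Signing Cert" -ErrorAction SilentlyContinue)) {
    New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert | Out-Null
}

# Step 2: map the incoming UPN claim and keep it unchanged (-SameAsIncoming).
$upnClaimMap = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" `
    -IncomingClaimTypeDisplayName "UPN" `
    -SameAsIncoming

# Step 3: create the trusted identity token issuer for the farm.
$ap = New-SPTrustedIdentityTokenIssuer -Name $providerName `
    -Description "AD FS provider for $realm" `
    -Realm $realm `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $upnClaimMap `
    -SignInUrl $signInURL `
    -IdentifierClaim $upnClaimMap.InputClaimType

# Step 5: read back what the farm recorded and confirm it matches what you configured.
$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $providerName
"Name:             " + $issuer.Name
"Realm:            " + $issuer.DefaultProviderRealm
"Sign-in URL:      " + $issuer.ProviderUri
"Identifier claim: " + $issuer.IdentifierClaim
"Signing cert:     " + $issuer.SigningCertificate.Thumbprint
if ($issuer.SigningCertificate.Thumbprint -ne $cert.Thumbprint) {
    throw "Farm recorded a different signing certificate than the one imported."
}
```

The thumbprint comparison matters operationally: AD FS rolls its token signing certificate over automatically by default, and when it does, SharePoint keeps trusting the old one and every sign-in fails with a signature validation error until the new public certificate is imported and the issuer updated. Checking the farm's recorded thumbprint against the AD FS server's current Token-Signing certificate is the quickest way to rule that out.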