Can someone explain what a relying party trust is? I am configuring IFD for CRM, but I cannot find basic information on what a relying party is and what it does.
The relying party identifier uniquely identifies an AD FS-federated application so that another claims provider can authenticate users seeking access to the application. You must obtain the relying party identifier for each AD FS-federated application that you want to add to the Workspace ONE catalog.
Access the AD FS 2.0 Management Console (Windows Start menu > All Programs > Administrative Tools > AD FS 2.0 Management). In the AD FS 2.0 Management Console, under Trust Relationships, select Relying Party Trusts. In the list of trusts displayed, find the trust for the ADFS server which is trusted by SharePoint.
To create a relying party trust manually: In Server Manager, click Tools, and then select AD FS Management. In the AD FS snap-in, under AD FS\Trust Relationships, right-click Relying Party Trusts, and then click Add Relying Party Trust to open the Add Relying Party Trust Wizard. On the Welcome page, click Start.
The way I would describe this is that CRM is the relying party; it is relying on ADFS to check the claims that are made ("I claim that I am userX"). In ADFS you configure a relying party trust to tell ADFS where it can expect claims to come from - it will trust the relying party so that when a user is authenticated they can be redirected back to that application (you don't want to give a user a token to present to an application you do not trust).
ADFS allows federation which comprises two sides viz. the IDP (Claims Provider) (the owner of the identity repository - in this case AD) and the RP (Relying Party) which is another STS or application that wishes to outsource authentication to the IDP.
Trusts are handled via certificates based on the ownership of private keys e.g. SAML tokens are signed by the IDP.
So the RP trust is the trust between the RP and the IDP - a token signed by the IDP must originate from the IDP and therefore the claims inside the token can be trusted.
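To see what the answers above describe on a live server, the following read-only inventory lists each relying party trust with its identifier, the endpoints tokens are sent to, and the signature algorithm, followed by the token-signing certificate the relying parties verify against. It is an added example, not code from the posts; it assumes AD FS on Windows Server 2012 R2 or later (where the `ADFS` module is available), and the `Notes` column holds this example's own review hints, not AD FS output.

```powershell
# Added example: read-only inventory of relying party trusts.
# Assumption: run in an elevated session on the AD FS server (2012 R2 or later).
Import-Module ADFS

$sha1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'

$report = foreach ($rp in Get-AdfsRelyingPartyTrust) {
    # Endpoints AD FS will send the signed token to for this application
    $endpoints = @()
    if ($rp.WSFedEndpoint) { $endpoints += "$($rp.WSFedEndpoint)" }
    foreach ($ep in $rp.SamlEndpoints) { $endpoints += "$($ep.Location)" }

    # Review hints chosen for this example (not produced by AD FS itself)
    $notes = @()
    if (-not $rp.Enabled) { $notes += 'trust is disabled' }
    if ($rp.SignatureAlgorithm -eq $sha1) { $notes += 'tokens signed with SHA-1' }
    if ($endpoints | Where-Object { $_ -notlike 'https://*' }) {
        $notes += 'token endpoint is not HTTPS'
    }
    if ($rp.MetadataUrl -and -not $rp.MonitoringEnabled) {
        $notes += 'metadata URL set but not monitored'
    }
    if (-not $rp.IssuanceTransformRules) { $notes += 'no claims are issued' }

    [pscustomobject]@{
        Name               = $rp.Name
        Identifier         = $rp.Identifier -join '; '
        Endpoints          = $endpoints -join '; '
        SignatureAlgorithm = $rp.SignatureAlgorithm
        Notes              = $notes -join ', '
    }
}
$report | Format-List

# The certificate AD FS signs tokens with; each relying party must trust it.
Get-AdfsCertificate -CertificateType Token-Signing |
    Select-Object IsPrimary,
        @{ n = 'Subject';    e = { $_.Certificate.Subject } },
        @{ n = 'Thumbprint'; e = { $_.Certificate.Thumbprint } },
        @{ n = 'NotAfter';   e = { $_.Certificate.NotAfter } }
```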