Adding Assertion Consumer Service endpoint to AD FS
1. In order to retrieve the metadata for the SAML Session Provider, the AD FS server must trust the SSL certificate used by the SAML Router. The root certificate used to sign this SSL certificate must be present in the Trusted Root Certificates store on the AD FS server.
   If an external CA has been used to sign the grid SSL certificate, it may already be present in the Trusted Root Certificates store. See Configuring host SSL certificate.
2. Find the federation metadata URL for the SAML Session Provider:
   From the Grid Management Pages, open the management pages of the SAMLSessionProvider application.
   Copy the federation metadata URL displayed on the page for use in step 7.
3. Log on to the AD FS server, and start the AD FS Management console.
4. Expand Trust Relationships in the left side menu and select Relying Party Trusts.
5. Select the application that corresponds to your SAML Session Provider installation, with the display name in the format Infor_Grid-<gridPurpose>_<InforOSFarmName>_<InforOSID> and the Identifier in the format urn:Infor_<InforOSFarmName>_<InforOSID>:Grid_<gridPurpose>.
6. Right-click and select Properties.
7. On the Monitoring tab, enter the federation metadata URL for your SAML Session Provider (see step 2c for the
8. Click Test URL to ensure that the address is reachable and trusted by AD FS. If you get an error message, see the Microsoft Windows Server documentation on troubleshooting trust management problems with
9. When you get a message saying that the URL was validated successfully, click OK and then OK again.
10. Select the application that corresponds to your SAML Session Provider installation again.
11. Right-click and select Update from Federation Metadata.
12. On the Endpoints tab, verify the SAML Assertion Consumer Endpoints, and then select Update.
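
The endpoints shown on the Endpoints tab come from the federation metadata, so the metadata can be reviewed before Update is selected. The following is an added example, not part of the original documentation or of the product: it parses a constructed sample of service provider metadata and returns findings to resolve first. The host name, the identifier values and the choice of checks are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
KNOWN_BINDINGS = {POST_BINDING, "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"}

# Constructed sample (placeholder host and IDs), not output of a real SAML Session Provider.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:Infor_EXAMPLEFARM_EXAMPLEID:Grid_TEST">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://grid.example.test/sso/acs"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://grid.example.test/sso/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def acs_endpoints(metadata_xml):
    """Return (entityID, [(index, binding, location, is_default), ...]) sorted by index."""
    root = ET.fromstring(metadata_xml)
    found = [(int(el.get("index")), el.get("Binding"), el.get("Location"),
              el.get("isDefault", "false") in ("true", "1"))
             for el in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    return root.get("entityID"), sorted(found, key=lambda e: e[0])

def review(metadata_xml, expected_identifier):
    """Return findings to resolve before accepting the metadata update in AD FS."""
    entity_id, endpoints = acs_endpoints(metadata_xml)
    findings = []
    if entity_id != expected_identifier:
        findings.append(f"entityID {entity_id!r} does not match the relying party Identifier")
    if not endpoints:
        findings.append("metadata contains no AssertionConsumerService endpoints")
    if len({e[0] for e in endpoints}) != len(endpoints):
        findings.append("duplicate endpoint index")
    if sum(e[3] for e in endpoints) > 1:
        findings.append("more than one default endpoint")
    for index, binding, location, _ in endpoints:
        if urlsplit(location).scheme != "https":
            findings.append(f"index {index}: ACS location is not HTTPS: {location}")
        if binding not in KNOWN_BINDINGS:
            findings.append(f"index {index}: unexpected binding {binding}")
    return findings
```

An empty list from `review` means the metadata's entityID matches the Identifier from step 5 and every Assertion Consumer endpoint passed the checks.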