Web-based central authentication

ADFS (Active Directory Federation Service) provides users with single sign-on access to systems and applications and uses claims-based authentication.

Who can use this service:

The following groups can request single sign-on authentication using ADFS (https://uwaterloo.ca/faculties-academics):

  • A faculty
  • An official school 
  • An affiliated and federated institution of the University of Waterloo
  • Research centers and institutes
  • Research groups, as defined by the Senate Graduate & Research Council

Required information:

  1. The URL for the application Metadata file or the file itself.
  2. The claims required to be passed to the application.

Common claims that can be requested for use by applications using ADFS, others are available if not listed below:

  • Group
  • emailaddress
  • surname
  • givenname
  • samaccountname
  • EmployeeID
  • StudentID
  • UPN
 

ADFS information required for the application:

Production

  • IdP Entity ID: adfs.uwaterloo.ca
  • URL for IdP metadata: 

https://adfs.uwaterloo.ca/FederationMetadata/2007-06/FederationMetadata.xml

Devleopment

  • IdP Entity ID: adfstest.uwaterloo.ca
  • URL for IdP metadata:​​​

https://adfstest.uwaterloo.ca/FederationMetadata/2007-06/FederationMetadata.xml

Note: ADFS can also be used to limit access to an application based on an active directory group or set of groups.

How to request this service:

Support for this service:

Complete the web form at https://uwaterloo.ca/request-tracking-system/adfs-request.

For more information on the XML template or Apache set up, please view this knowledge base article. 

Pricing/Cost:

No cost.

Location:

EC2 - East Campus 2
200 University Ave West
Canada