All Talis products use SAML 2.0 for authentication. ADFS supports SAML 2.0, so it can be used with Talis products to provide a devolved authentication mechanism. This article outlines information provided to us by one of our customers to help with configuring custom claims rules in ADFS so that it sends us the attributes we expect to see.
Important: This information is provided as is and without warranty. It was supplied as examples by a customer and is intended to guide you to the appropriate areas of ADFS configuration. Talis has not been able to verify the accuracy of this information. If you need support with the technical aspects of configuring ADFS, Talis recommends that you talk to the ADFS experts in your organisation, or raise a support ticket with the organisation that manages your ADFS infrastructure. Talis does not have ADFS expertise directly available to support ADFS-specific queries.
Can you contribute?: We are grateful to the University of Hertfordshire for providing this information for us to share. If you would like to suggest alterations to this document to clarify or improve the detail provided, please comment, or raise a ticket with Talis Support.
If you are setting up claims rules and wish to test that they are being interpreted correctly by Talis's login server, please raise a ticket with Talis Support, and we can talk you through the testing process and provide you with URLs which you can use to debug individual login attempts.
Talis Aspire expects to see an eduPersonTargetedID attribute and, optionally, an eduPersonEntitlement attribute in the SAML response after a user has logged in. Both of these are listed in our Service Provider Metadata, which can be found at:
- EU APAC - https://login.talisaspire.com/entity
- Canada North America - https://login.ca.talis.com/entity
You will need to configure Claims using Custom Rules in ADFS to build and correctly format the attributes. The document attached to this article provides a series of example rules for doing this.
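Before raising a ticket, you can check a decoded SAML response from your own test login for the two attributes named above. The Python below is an added example, not part of the original article, the customer's document, or Talis tooling. The OIDs are the standard eduPerson values; matching on either `Name` or `FriendlyName`, and the sample response, are assumptions. It inspects attributes only and does not verify the response signature.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Standard eduPerson OIDs. Whether the service provider matches on Name or
# FriendlyName is an assumption, so both are checked. (oid, required)
EXPECTED = {
    "eduPersonTargetedID": ("urn:oid:1.3.6.1.4.1.5923.1.1.1.10", True),
    "eduPersonEntitlement": ("urn:oid:1.3.6.1.4.1.5923.1.1.1.7", False),
}

# Constructed sample response (unsigned, values invented for illustration).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
 <saml:AttributeStatement>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10">
   <saml:AttributeValue><saml:NameID>opaque-id-001</saml:NameID></saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

def attribute_values(response_xml):
    """Map each attribute's Name and FriendlyName to its non-empty values."""
    root = ET.fromstring(response_xml)  # use only on responses from your own IdP
    found = {}
    for attr in root.iter(SAML + "Attribute"):
        values = []
        for av in attr.findall(SAML + "AttributeValue"):
            # A targeted ID may be plain text or a nested <saml:NameID>.
            name_id = av.find(SAML + "NameID")
            text = (name_id.text if name_id is not None else av.text) or ""
            if text.strip():
                values.append(text.strip())
        for key in (attr.get("Name"), attr.get("FriendlyName")):
            if key:
                found.setdefault(key, []).extend(values)
    return found

def check_claims(response_xml):
    """Return (problems, values) for the attributes the article names."""
    found = attribute_values(response_xml)
    problems, values = [], {}
    for friendly, (oid, required) in EXPECTED.items():
        vals = found.get(oid) or found.get(friendly) or []
        values[friendly] = vals
        if required and not vals:
            problems.append(f"{friendly} missing or empty")
    return problems, values

if __name__ == "__main__":
    print(check_claims(SAMPLE))
```

An empty `problems` list means the required attribute was issued with a value; it does not confirm that the value is in the format Talis's login server expects.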