ADFS Configuration
ADFS-side configuration
We assume that the ADFS role is already installed in the environment.

1. Go to ADFS Management and right-click “Relying Party Trust”.
2. Click “Add Relying Party Trust” and choose the “Claims aware” option.
3. Choose “Enter data about the relying party manually”, then click Next.
4. Enter a display name such as “Kron PAM ADFS”, then click Next and skip the “Configure Certificate” menu.
5. In the “Configure URL” section, choose “Enable support for the SAML 2.0 WebSSO protocol”, fill in the URL with the data below, then click Next.
   https://kron-pam/aioc-rest-web/servlet/saml/samlrecipient
6. In the “Configure Identifiers” section, enter the data below for “Relying party trust identifier” and click the Add button, then click Next until the end of the configuration.
   https://kron-pam/aioc-rest-web/servlet/saml/samlcheck
7. After that, go to the management page, right-click the newly created “Relying Party Trust”, then click Properties.
8. Go to the “Endpoints” tab and click the “Add SAML” button. Choose SAML Logout as “Endpoint type” and POST as the “Binding” option, enter the data below as “Trusted URL”, then click OK.
   https://kron-pam/aioc-rest-web/servlet/saml/samllogout
9. Click the Apply button to finish this configuration.
10. Right-click “Relying Party Trust” again and choose “Edit Claim Issuance Policy”.
11. On the page that opens, click “Add Rule”, then choose “Send LDAP Attributes as Claims” as the claim rule template and click Next.
12. In the section below, give the claim rule a name and choose the option appropriate for your actual infrastructure. Claims are sent to the service provider. In the example below, sAMAccountName is taken from Active Directory and sent as Name ID to Kron PAM. If the users were imported from AD to Kron PAM without domain information, the configuration below should work; otherwise, the LDAP attribute should be chosen accordingly.
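The same relying party trust can be scripted and then checked from PowerShell on the ADFS server. This is an added example, not part of the Kron PAM guide; it assumes AD FS 2016 or later, the built-in “Permit everyone” access control policy, and a `$Base` URL that you replace with your own Kron PAM address.

```powershell
# Added example (not vendor code). Run in an elevated session on the AD FS server.
Import-Module ADFS

# Assumption: base of the Kron PAM SAML servlet URLs from steps 5, 6 and 8.
$Base = 'https://kron-pam/aioc-rest-web/servlet/saml'
$Name = 'Kron PAM ADFS'

# Step 5: SAML 2.0 WebSSO endpoint (assertion consumer, POST binding).
$acs = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' `
        -Uri "$Base/samlrecipient" -Index 0 -IsDefault $true

# Step 8: SAML Logout endpoint, POST binding.
$slo = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLLogout' `
        -Uri "$Base/samllogout"

# Steps 11-12: the rule the "Send LDAP Attributes as Claims" template produces
# when sAMAccountName is mapped to the outgoing Name ID claim.
$rules = @'
@RuleName = "sAMAccountName as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
   Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";sAMAccountName;{0}", param = c.Value);
'@

# Steps 2-6: create the claims-aware trust with its identifier and endpoints.
Add-AdfsRelyingPartyTrust -Name $Name `
    -Identifier "$Base/samlcheck" `
    -SamlEndpoint $acs, $slo `
    -IssuanceTransformRules $rules `
    -AccessControlPolicyName 'Permit everyone'

# Verification: confirm identifier, endpoints and claim rule match what was intended.
$rp = Get-AdfsRelyingPartyTrust -Name $Name
$expected = @("$Base/samlrecipient", "$Base/samllogout")
$actual   = $rp.SamlEndpoints | ForEach-Object { $_.Location.ToString() }
$missing  = $expected | Where-Object { $_ -notin $actual }

if ($missing) { Write-Warning "Missing endpoints: $($missing -join ', ')" }
if ($rp.Identifier -notcontains "$Base/samlcheck") { Write-Warning 'Identifier mismatch' }
if ($rp.IssuanceTransformRules -notmatch 'nameidentifier') { Write-Warning 'No Name ID rule' }

$rp | Select-Object Name, Enabled, Identifier, AccessControlPolicyName
$rp.SamlEndpoints | Select-Object Protocol, Binding, Location
```

Rerunning only the verification half after later changes gives a quick audit that the trust still points at the intended Kron PAM URLs and still issues only the Name ID claim.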