5.1 Web.config

In the supplied web.config there is some AD FS parts that needs to be changed.

• <allow users="*" /> —  should be removed
• <!-- AD FS deny users="?" /--> — needs to be changed to <deny users="?"/>
  

<!-- Original -->    
	<authorization>
      <allow users="*" />
      <!-- ADFS deny users="?" /-->
    </authorization>

<!-- Changed-->
	<authorization>
      <deny users="?" />
    </authorization>

• In the section trustedIssuers change the thumbprint to the correct thumbprints from Token-decryption and Token-signing.
• Be aware that in some cases an unshown character might be copied with the thumbprint if you copy from Powershell. That need to be removed.
• my-adfs.server.com should be replaced with the URL of the ADFS server to be used
  

        <trustedIssuers>
          <add thumbprint="FB041E751322F2D22A212F8B72101B175985CD24" name="http://my-adfs.server.com/adfs/services/trust" />
          <add thumbprint="5591CB331588959252502F9533783AEDED336BB2" name="http://my-adfs.server.com/adfs/services/trust" />
        </trustedIssuers>

• In the section audienceUris make certain that all URLs where a user needs to be redirected to the ADFS server is noted. Normally only the main URL for the site Is needed here.
• Replace mm.company.org with the URL of the Media Manager
  

      <audienceUris>
        <add value="https://mm.company.org" />
      </audienceUris>

• In the section wsFederation change realm to the precise same as Relying party in the ADFS server.

      <wsFederation passiveRedirectEnabled="true" issuer="https://my-adfs.server.com/adfs/ls/" realm="https://mm.company.org" requireHttps="true" />

• Replace dam.company.org with the URL to the DAM Center using ADFS
  

      <cookieHandler requireSsl="true" domain="dam.company.org" path="/" />