This document provides instructions for configuring Active Directory Federation Services (AD FS) in Windows Server 2012 R2. It describes 6 main steps: 1) Creating an ADFS service account, 2) Configuring ADFS, 3) Verifying ADFS functionality, 4) Configuring a certificate for the application, 5) Configuring the Active Directory claims provider trust, and 6) Configuring the application to trust incoming claims from ADFS. The instructions provide detailed configuration steps for setting up ADFS and enabling single sign-on functionality between an application and Active Directory user accounts.

Uploaded by

Lawes Chan
ADFS

https://mizitechinfo.wordpress.com/2015/01/08/simple-step-install-configure-adfs-in-windows-server-2012-r2/

** before we proceed, make sure you create a new AD user called adfsService…

4 – On the Specify Service Account interface, click Use an existing domain user account or group Managed Service Account, choose the adfs user that you created previously, and then click Next…

9 – To verify the ADFS functionality, log in to the Windows 8.1 client PC as an AD user, then open IE and type https://adfs.adatum.com/federationmetadata/2007-06/federationmetadata.xml, and then verify that the file loads successfully…

4th – Configure a certificate for the application

1 – Now switch to SVR1 server, open Internet Information Services (IIS) Manager, and then open Server Certificates…

2 – then click Create Domain Certificate…


3 – In the Create Certificate interface, on the Distinguished Name Properties page, enter the following information (please refer to snapshot), and then click Next…

4 – On the Online Certification Authority interface, click Select…


5 – click AdatumCA, and then click OK…

6 – On the Online Certification Authority interface, in the Friendly name box, type Adatum Apps Certificate, and then click Finish…

7 – In IIS Manager, expand Sites, click Default Web Site, and then click Bindings…

8 – In the Site Bindings interface, click Add…


9 – In the Add Site Binding interface, in the Type box, select https, then in the SSL certificate box, select Adatum Apps Certificate, and then click OK…

5th – Configure the Active Directory claims-provider trust

1 – Switch to DC1 server, open AD FS Management, expand Trust Relationships, and then click Claims Provider Trusts; in the middle pane, right-click Active Directory, and then click Edit Claim Rules…

2 – In the Edit Claims Rules for Active Directory interface, on the Acceptance Transform Rules tab, click Add Rule…

3 – In the Claim rule template box, select Send LDAP Attributes as Claims, and then click Next…

4 – On the Configure Rule interface, in the Claim rule name box, type Outbound LDAP Rule, then in the Attribute Store drop-down list, select Active Directory.

** In the Mapping of LDAP attributes to outgoing claim types section, select the following values and then click Finish:

5 – Then click OK…

6th – Configure the application to trust incoming claims

1 – Switch to SVR1 server, and then open the Windows Identity Foundation Federation Utility console…

2 – On the Welcome to the Federation Utility Wizard interface, in the Application configuration location box, type C:\inetpub\wwwroot\AdatumTestApp\web.config for the location of the sample web.config file…

** In the Application URI box, type https://lon-svr1.adatum.com/AdatumTestApp/ to indicate the path to the sample application that will trust the incoming claims from the federation server, and then click Next to continue…

3 – On the Security Token Service page, click Use an existing STS, in the STS WS-Federation metadata document location box, type https://adfs.adatum.com/federationmetadata/2007-06/federationmetadata.xml, and then click Next to continue…

4 – On the STS signing certificate chain validation error interface, click Disable certificate chain validation, and then click Next…
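Added example (Python, not part of the original guide or of the Federation Utility): it parses a federation metadata document of the kind that step 9 of the verification section loads in the browser and step 3 above hands to the Federation Utility, pulls out the STS identifier, the passive sign-in endpoint and the SHA-1 thumbprints of the advertised token-signing certificates, and checks those thumbprints against a pinned list, which is the trust that still applies once chain validation is disabled as in step 4. The entityID, endpoint and certificate bytes are constructed assumptions, not values from the page.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Namespaces used in the WS-Federation (2007-06) metadata document that AD FS publishes.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "wsa": "http://www.w3.org/2005/08/addressing",
      "xsi": "http://www.w3.org/2001/XMLSchema-instance"}

# Constructed sample (not captured from a real farm): a minimal unsigned document in the shape
# served at /federationmetadata/2007-06/federationmetadata.xml. The certificate is placeholder
# bytes, not a real X.509 certificate, so only the thumbprint computation is exercised.
SAMPLE_CERT_DER = b"placeholder-token-signing-certificate-der-bytes"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.adatum.com/adfs/services/trust">
  <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
      xsi:type="fed:SecurityTokenServiceType">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
      <X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <fed:PassiveRequestorEndpoint><EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
      <Address>https://adfs.adatum.com/adfs/ls/</Address>
    </EndpointReference></fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>"""

def sha1_thumbprint(der_bytes):
    """Certificate thumbprint in the form FedUtil pins in web.config: uppercase hex SHA-1 of the DER."""
    return hashlib.sha1(der_bytes).hexdigest().upper()

def parse_federation_metadata(xml_text):
    """Return the issuer (entityID), passive sign-in endpoint and token-signing thumbprints."""
    root = ET.fromstring(xml_text)
    # The STS role is marked by xsi:type; the prefix is document-defined, so match the local part.
    sts = [r for r in root.findall("md:RoleDescriptor", NS)
           if r.get(f"{{{NS['xsi']}}}type", "").endswith(":SecurityTokenServiceType")]
    if not sts:
        raise ValueError("no SecurityTokenServiceType role in metadata")
    certs = sts[0].findall("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    thumbprints = [sha1_thumbprint(base64.b64decode("".join(c.text.split()))) for c in certs]
    endpoint = sts[0].findtext("fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address", None, NS)
    return {"issuer": root.get("entityID"), "passive_endpoint": endpoint, "signing_thumbprints": thumbprints}

def issuer_is_trusted(metadata, pinned_thumbprints):
    """True only when every signing certificate the STS advertises is already in the app's pinned list."""
    advertised = set(metadata["signing_thumbprints"])
    return bool(advertised) and advertised <= set(pinned_thumbprints)
```

Against a live farm, fetch the metadata URL from step 3 over HTTPS and pass the response body to parse_federation_metadata; a thumbprint that is not in the application's pinned list means the token-signing certificate has rolled over and the relying party must be updated before tokens will validate.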
https://blog.auth360.net/2013/09/13/first-impressions-ad-fs-and-windows-server-2012-r2-part-i/