Deploy Active Directory Federation Services


KB ID 0001140 Dtd 22/01/16

Problem

The actual configuration of ADFS depends largely on what you intend to do with it. In my case this is a prerequisite for my deployment of Microsoft Web Application Proxy. This article is just to ‘join the dots’ and covers only the installation of the role itself.

Solution

Before you Start: Make sure you have a certificate ready to use for ADFS. I typically use a wildcard cert for this; it’s better if you have purchased one, or if you use certificate services, here’s how to create a wildcard certificate.

You may want to create a service account for ADFS to run under. Below I’m using the domain administrator, which is not best practice in a production environment.

Server Manager > Manage > Add Roles and Features > Next > Next > Select the server > Next > Server Roles > Select Active Directory Federation Services > Accept all the defaults and install the role

ADFS Role Install

Launch the configuration wizard.

Configure ADFS

Create the first federation server in a federation farm > Next.

Federated Server Farm

To set this up, select your service account, (or the domain admin account) > Next.

ADFS Account

WARNING: If you use a wildcard cert like me, it will choose the name *.{domain-name}. THIS IS BAD! Change the federation service name to something sensible; the ‘Display Name’ is what will be shown to the users as they authenticate. > Next.

Certificate for ADFS

Make sure the federation service name can be resolved in DNS!

DNS requirements ADFS

Enter your service account information > Next.

Domain AD Federation

Create a database (Note: If you are reinstalling, it will discover any existing databases and ask if you want to overwrite them) > Next.

ADFS Database

Next

active directory federation services

Configure.

ADFS prerequisites

Close

configure AD FS

To test, open a web browser and go to https://{FQDN-Of FS-Service}/adfs/ls/idpinitiatedsignon and log in.

Test ADFS URL
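The wizard steps above, from role install through to the test URL, as a PowerShell equivalent. This is an added example and not part of the original article; the federation service name fs.example.com, the display name, the certificate subject and the service account EXAMPLE\svc-adfs are placeholders for your own environment, and a dedicated service account is used in place of the domain administrator.

```powershell
# Added example: PowerShell equivalent of the Server Manager / wizard steps above.
# All names below are placeholders for your environment.
$FederationServiceName = 'fs.example.com'        # NOT *.example.com - see the wildcard warning above
$DisplayName           = 'Example Corp Sign-In'  # what users see on the sign-in page
$ServiceAccount        = 'EXAMPLE\svc-adfs'      # dedicated service account rather than Domain Admin

# 1. Install the role (wizard: Add Roles and Features > Active Directory Federation Services)
Install-WindowsFeature ADFS-Federation -IncludeManagementTools

# 2. Pick the wildcard certificate from the local machine store by its subject.
#    The wizard derives the federation service name from the cert; here the name is set explicitly.
$Cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like 'CN=*.example.com*' -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $Cert) { throw 'No wildcard certificate with a private key found in LocalMachine\My' }

# 3. Make sure the federation service name resolves in DNS BEFORE configuring the farm.
if (-not (Resolve-DnsName $FederationServiceName -ErrorAction SilentlyContinue)) {
    throw "$FederationServiceName does not resolve in DNS - create the A record first"
}

# 4. Create the first federation server in a new farm (Windows Internal Database).
#    Add -OverwriteConfiguration if you are reinstalling over an existing database.
$Cred = Get-Credential -UserName $ServiceAccount -Message 'ADFS service account password'
Install-AdfsFarm -CertificateThumbprint $Cert.Thumbprint `
                 -FederationServiceName $FederationServiceName `
                 -FederationServiceDisplayName $DisplayName `
                 -ServiceAccountCredential $Cred

# 5. Confirm the configured names are the ones intended, not the wildcard.
Get-AdfsProperties | Select-Object HostName, DisplayName, Identifier

# 6. Test, as in the article: open the IdP-initiated sign-on page and log in.
Start-Process "https://$FederationServiceName/adfs/ls/idpinitiatedsignon"
```

Run this in an elevated PowerShell session on the server that will become the first federation server.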

At this point, how you proceed depends on what you are using Federation Services for; you would set up either a relying party trust or a claims provider trust.

As said above I’m using this for Web Application Proxy. When that article is complete, I’ll put the link at the bottom of this article.

ADFS What Next?

Related Articles, References, Credits, or External Links

Publishing Remote Desktop Services With Web Application Gateway

Author: PeteLong
