Thursday, October 6, 2011

Installing and configuring ADFS v. 1.0

If you need to install and configure ADFS (Active Directory Federation Services) for scenarios such as claims-based authentication, there are several things you need to know before you begin.

  1. You will need to install and configure a Domain Controller/Active Directory prior to installing ADFS. If you are simply setting up a test environment, you can install the domain controller with Active Directory on the same server as your ADFS installation.
  2. Active Directory requires SSL certificates to be installed in IIS in order to function properly. When stepping through the ADFS installation wizard, you will have the option to create self-signed certificates.
  3. After rebooting from an installation of ADFS, you will get an error message/error icon next to the ADFS role in Server Manager. This is caused by the use of the self-signed SSL certificates, which are not yet trusted by the server itself. To resolve this issue, do the following:
    • Open the IIS Manager console.
    • Open Server Certificates.
    • For each server certificate that was created through the ADFS installation wizard, right-click the certificate and select View.
    • Once you are viewing the certificate, click the Details tab.
    • On the Details tab, you should see a "Copy to File" button at the bottom of the dialog.
    • Click the Copy to File button to export the server certificate.
    • Follow the wizard dialogs to export and save the server certificate.
    • Once both certificates have been successfully exported, right-click each exported certificate file and select "Install Certificate".
    • When proceeding through the certificate installation dialogs, select the radio button for "Place all certificates in the following store".
    • Browse to and select the "Trusted Root Certification Authorities" store.
    • Complete the Install Certificate wizard to store the server certificate in this location.
    • Repeat these steps for the other server certificate as well.
    • Reboot the server once again.
    • When you open Server Manager after the reboot, the error message/error icon next to the ADFS role should have disappeared.
  4. Verify that you can now successfully access the following URL in a browser without getting a server certificate error message: https://<fully qualified server Url>/adfs/fs/federationserverservice.asmx
  5. If you are able to navigate to this URL and view the available methods on the web service, you have successfully configured ADFS for use!
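The certificate steps in items 3 and 4 above can also be done from an elevated PowerShell prompt. The script below is an added example written for this post, not the post author's own procedure or anything shipped with ADFS. It assumes the wizard-created self-signed certificates sit in the Local Computer Personal store (LocalMachine\My) with the server's fully qualified name in their subject; the server name and export folder are placeholders you replace. It exports each certificate as a public-only .cer file (the equivalent of "Copy to File"), imports that file into Trusted Root Certification Authorities (the equivalent of "Install Certificate"), and then requests the federation service endpoint to confirm the certificate error is gone.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Placeholders (assumptions, replace for your environment):
$serverFqdn = 'adfs.example.local'      # fully qualified name of the ADFS server
$exportDir  = 'C:\AdfsCerts'            # folder that receives the exported .cer files
$endpoint   = "https://$serverFqdn/adfs/fs/federationserverservice.asmx"

$ns = 'System.Security.Cryptography.X509Certificates'

# 1. Find the wizard-created certificates in the Local Computer Personal store.
#    A self-signed certificate has Issuer equal to Subject; restrict to this server.
$personal = New-Object "$ns.X509Store" -ArgumentList 'My', 'LocalMachine'
$personal.Open('ReadOnly')
$selfSigned = @($personal.Certificates | Where-Object {
    $_.Subject -eq $_.Issuer -and $_.Subject -like "*CN=$serverFqdn*"
})
$personal.Close()

if ($selfSigned.Count -eq 0) {
    throw "No self-signed certificates for $serverFqdn found in LocalMachine\My"
}

New-Item -ItemType Directory -Path $exportDir -Force | Out-Null

# 2. Open Trusted Root Certification Authorities for writing (needs elevation).
$root = New-Object "$ns.X509Store" -ArgumentList 'Root', 'LocalMachine'
$root.Open('ReadWrite')

foreach ($cert in $selfSigned) {
    # "Copy to File": DER-encoded public certificate only; the private key
    # stays in the Personal store and is never written to disk here.
    $file  = Join-Path $exportDir ("{0}.cer" -f $cert.Thumbprint)
    $bytes = $cert.Export('Cert')
    [System.IO.File]::WriteAllBytes($file, $bytes)

    # "Install Certificate" into Trusted Root: import the public-only copy,
    # skipping certificates that are already trusted.
    $public  = New-Object "$ns.X509Certificate2" -ArgumentList @(,$bytes)
    $already = $root.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false)
    if ($already.Count -eq 0) {
        $root.Add($public)
        Write-Host "Trusted: $($cert.Subject) [$($cert.Thumbprint)]"
    } else {
        Write-Host "Already trusted: $($cert.Subject) [$($cert.Thumbprint)]"
    }
}
$root.Close()

# 3. Item 4 of the post: the endpoint must answer without a certificate error.
#    A trust-relationship failure here means the certificate is still untrusted
#    (or its subject does not match $serverFqdn); a plain HTTP 200 means success.
try {
    $request  = [System.Net.HttpWebRequest]::Create($endpoint)
    $response = $request.GetResponse()
    Write-Host "OK: $endpoint returned HTTP $([int]$response.StatusCode)"
    $response.Close()
} catch {
    Write-Warning "Request to $endpoint failed: $($_.Exception.Message)"
}
```

As in the manual steps, reboot the server after the import before checking Server Manager. The script deliberately imports the exported public-only copy rather than the Personal-store object so that no private key is associated with the Trusted Root entry; trusting self-signed certificates this way is appropriate for the test environment the post describes, while a production federation server would use a certificate issued by a CA that clients already trust.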
