Thursday, March 7, 2013

Testing an ADFS Installation without SharePoint

If you are planning a deployment of SharePoint with Claims-based authentication using ADFS (Active Directory Federation Services), chances are you will want to set up ADFS on a separate server and verify that it is working properly before you configure it to work with SharePoint.

Normally, you would have to set up a test application such as an ASP.NET Web Application using the Windows Identity Foundation SDK to verify the functionality and integration of ADFS.

Fortunately, ADFS includes a little-known feature that lets you test an installation without an application!

This feature is a page called IdpInitiatedSignOn.aspx, which is located in the root of the /adfs/ls directory. It can therefore be found at a URL similar to the following: https://<adfs fqdn>/adfs/ls/IdpInitiatedSignOn.aspx

You can find this page by browsing the Content View in IIS to locate the name of the page:





If you want to simplify your life further, you can turn on FormsSignIn and make it the default authentication type in the web.config file (located beneath C:\inetpub\adfs\ls). By default, the FormsSignIn.aspx element is not the first element under localAuthenticationTypes in the web.config file. You can simply cut and paste it as the first line below localAuthenticationTypes as shown in the screenshot below:
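
One way to script the web.config edit described above, as an added example that is not part of the original post. It assumes the localAuthenticationTypes section has no XML namespace and that the Forms entry is an `add` element whose `page` attribute is FormsSignIn.aspx; check both against your own file before running it.

```powershell
# Added example (not from the original post): make Forms the first
# local authentication type for ADFS. Run elevated on the ADFS server.
$configPath = 'C:\inetpub\adfs\ls\web.config'   # location given in the post

# Timestamped backup so the original order can be restored after testing.
$backup = '{0}.{1:yyyyMMdd-HHmmss}.bak' -f $configPath, (Get-Date)
Copy-Item -Path $configPath -Destination $backup -ErrorAction Stop

$xml = New-Object System.Xml.XmlDocument
$xml.Load($configPath)

# Assumption: the section has no XML namespace.
$types = $xml.SelectSingleNode('//localAuthenticationTypes')
if ($null -eq $types) { throw "localAuthenticationTypes not found in $configPath" }

# Assumption: the Forms entry is the <add> whose page attribute is FormsSignIn.aspx.
$forms = $types.SelectSingleNode("add[@page='FormsSignIn.aspx']")
if ($null -eq $forms) { throw 'No <add> entry for FormsSignIn.aspx found' }

$first = $types.SelectSingleNode('add[1]')
if ([object]::ReferenceEquals($first, $forms)) {
    # Nothing to do, so the backup is not needed.
    Write-Output 'FormsSignIn.aspx is already the first entry; nothing changed.'
    Remove-Item -Path $backup
} else {
    # Move the Forms entry ahead of whatever is currently first.
    [void]$types.RemoveChild($forms)
    [void]$types.InsertBefore($forms, $first)
    $xml.Save($configPath)
    Write-Output "Moved FormsSignIn.aspx to the top. Backup: $backup"
}

# Show the resulting order for a visual check.
$types.SelectNodes('add') | ForEach-Object { $_.GetAttribute('page') }
```

Copying the backup file over web.config returns the server to its original authentication order once the test is done.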


Once you have everything configured, you should be able to log into the IdpInitiatedSignOn.aspx page and see a page similar to the following:



If you are able to successfully log into your ADFS instance using your Windows Active Directory credentials, you have correctly set up and configured your ADFS installation and can proceed with integrating ADFS with SharePoint as a Trusted Identity Provider!






Congratulations!!


