Monday, March 16, 2015

Set up and install Active Directory Federation Services 3.0

I was recently reading up on Active Directory Federation Services and though I had thought that no major updates to ADFS had been made in a long time, I was wrong!

As it turns out, ADFS was updated to v. 2.1 with the release of Windows Server 2012 and was subsequently refreshed to ADFS v. 3.0 with the release of Windows Server 2012 R2!!

If you take a look at the following screenshots, you will see that the overall installation process for ADFS v. 3.0 has significantly improved over prior releases of ADFS:











As you can tell, the ability to select an SSL Certificate as well as choose between the Windows Internal Database or a SQL Server database are welcome improvements to the installation and configuration of ADFS v. 3.0.

When I was originally configuring ADFS, I decided to set up the Federation Service Name as the exact same name as my ADFS Server resulting in the following error message:

The SPN required for this Federation Service is already set on another Active Directory account.  Choose a different Federation Service name and try again.

I had originally used Internet Information Service's Manager "Create Self-Signed Certificate" feature to create a Self-Signed Certificate.   Of course, this automatically resolves the local SSL Certificate to the computer name resulting in the SPN Conflict Error Message displayed above.

I resolved this as I have in the past by simply using SelfSSL7: http://blogs.iis.net/thomad/archive/2010/04/16/setting-up-ssl-made-easy.aspx

Once I generated my desired Federation Service name, I re-installed ADFS and saw these dialogs instead:




You can then navigate to the location of your ADFS Server and you should see a screen similar to this:


That should be all there is to it!!

This is another great article on setting up ADFS v. 3.0 which covers how to connect it to Office 365:  http://blogs.catapultsystems.com/smcneill/archive/2014/01/04/setting-up-adfs-3-0-server-2012-r2-for-office-365.aspx

No comments:

Post a Comment