IT tutorials
 
Applications Server
 

Configuring Active Directory Server 2008 Roles : Active Directory Federation Services - Installing AD FS

2/10/2014 6:42:03 PM
- Windows 10 Product Activation Keys Free 2019 (All Versions)
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire

Active Directory Federation Services (AD FS) provides Internet-based clients a secure identity access solution that works on both Windows and non-Windows operating systems.

Normally when a user from one network tries to access an application in another network, they must have a secondary username and password.

AD FS allows organizations to set up trust relationships between networks and supports single sign-on (SSO), which allows users to access applications on other networks without needing secondary passwords. Security is improved and administrators spend less time resetting passwords when users don't have to remember multiple passwords.

AD FS requires an AD FS server on both ends of the connection. For example, if company A is going to set up trust relationship with company B, the AD FS server needs to be configured at both company A and company B.

1. Installing AD FS

Exercise 1 shows you the steps you need to perform to install the AD FS through the Server Manager MMC.

Exercise 1: Installing the AD FS

  1. Open the Server Manager MMC by selecting Start => Administrative Tools => Server Manager.

  2. In the left pane, click Roles. In the Roles Summary section of right pane, click Add Roles.



  3. On the Select Server Roles screen, click the Active Directory Federation Services check box and click Next.



  4. On the Introduction To AD FS screen, click Next.

  5. On the Select Role Services screen, choose the AD FS Web Agent check box. A dialog box appears asking you to confirm the additional services that need to be installed. Click Add Required Role Services. When the Select Role Services screen reappears, Click Next.



  6. On the Specify Federation Server screen, type the name of your server and domain and click Validate.



    You will see an error message explaining that the other Federation server that you are trying to connect to is unavailable. That is OK for this exercise. Click Next.

  7. At the Introduction To IIS screen, click Next.

  8. On the Select Role Services screen, you see the additional services needed to install IIS. All the required boxes are already checked. Click Next.



  9. The Confirm Installation Selections screen shows you all the services and roles that you are about to install. Click Install.



  10. After the installation is finished, click Close.




2. Configuring AD FS

Now that the AD FS is installed and running, you need to learn how to configure some of the important options. In the AD FS, you can configure trust policies, AD FS agents, and user and group mapping.


AD FS Web Agents

Administrators have the ability to configure a Windows NT token-based Web Agent. To support this new feature, Windows Server 2008 AD FS includes a user interface for the AD FS Web Agent role service. The Web Agent account is a service account that calls upon other services.


Trust policies

The AD FS trust policy is a file that outlines the set of rules that a Federation Service uses to recognize partners, certificates, account stores, claims, and the other numerous properties that are associated with the Federation Service.


User and group claim mapping

In basic terms, claims mean that each partnered location agrees and appropriately maps the AD FS trust policy for sharing between federation partner locations. A claim contains user information and helps users connect to a partner's resources. Three types of claims are supported by AD FS:


Identity claim

This claim type helps identify the user. The identity claim is included within a security token. A security token can contain up to three identity claims.


Group claim

This claim type indicates membership in a group or role.


Custom claim

This claim type provides any additional information that needs to be sent. An example might be DepartmentID. This is a custom field and then in turn would be a custom claim. A custom claim can provide any attribute that is located in Active Directory.

 
Others
 
- Configuring Active Directory Server 2008 Roles : Understanding Active Directory Domain Services
- Microsoft Exchange Server 2013 : Validating Exchange Server licensing
- Microsoft Exchange Server 2013 : Bypassing Exchange Admin Center and troubleshooting (part 3) - Resolving Outlook Web App, ECP, or other virtual directory issues
- Microsoft Exchange Server 2013 : Bypassing Exchange Admin Center and troubleshooting (part 2) - Troubleshooting Outlook Web App, ECP, PowerShell, and More
- Microsoft Exchange Server 2013 : Bypassing Exchange Admin Center and troubleshooting (part 1) - Bypassing Exchange Admin Center and Exchange Management Shell
- Microsoft Exchange Server 2013 : Accessing and using Exchange Admin Center (part 4) - Configuring Exchange Admin Center
- Microsoft Exchange Server 2013 : Accessing and using Exchange Admin Center (part 3) - Working with Exchange Server certificates
- Microsoft Exchange Server 2013 : Accessing and using Exchange Admin Center (part 2) - Authenticating and proxying connections
- Microsoft Exchange Server 2013 : Accessing and using Exchange Admin Center (part 1) - Accessing Exchange Admin Center
- Packaging and Deploying Sharepoint 2013 Apps : Deploying an App (part 3) - Autohosted App Deployment
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
programming4us programming4us
 
Popular tags
 
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS