Microsoft Sharepoint 2013 : Federated Authentication (part 1) - Active Directory Federated Services - Install Certificate Authority

12/23/2014 8:13:20 PM

In the section titled “Configuring a Claims Web Application” I briefly touched on federated authentication within SharePoint via Trusted Identity Providers. In this section, we shall explore the use of federated authentication, using Active Directory Federated Services.

Active Directory Federated Services

Active Directory Federated Services (ADFS) is a service provided by Microsoft to provide federated claims authentication. ADFS uses the WS-Federation standard protocol and returns secure tokens in Security Assertion Markup Language (SAML) format.

Administrators may download ADFS from the following link, install it, and configure it via a Microsoft Management Console (MMC): www.microsoft.com/en-us/download/details.aspx?id=10909.

Why would you be interested in federated authentication, and why ADFS? SharePoint on its own is not strictly federating authentication, since the platform is still the one authenticating users; it has merely abstracted authentication behind its own Secure Token Service. ADFS brings true federated authentication because it is a separate service that any application can leverage, as long as that application supports WS-Federation and SAML. The following is a list of some of the benefits that ADFS brings to your organization:

  • Single-Sign-On (SSO): If ADFS is the central hub for authentication of any application in the organization then these applications can offer SSO. A user authenticates through one application and ADFS generates a SAML token for the user. When the same user attempts to authenticate via a different application—also using ADFS—ADFS sends back the same token without prompting the user for credentials because ADFS remembers the user (via cookie or NTLM token) from the first authentication success.
  • WS-* Interoperability: ADFS interoperates with any system that supports WS-Federation and supports the WS-* standards of other security-based services. Without ADFS, applications on the Microsoft Windows Server platform must implement claims authentication using the Windows Identity Framework to support authentication federation. ADFS enables authentication federation for applications that do not provide their own authentication federation via WS-Federation protocols.
  • Avoids Credential Management: Using ADFS, you can allow users to authenticate with other claims-aware applications (such as Windows Azure) and provide access for users of these applications to your applications without having to manage account credentials. Users maintain their own credentials via these independent account providers, ADFS facilitates the authentication process, and your applications only have to keep a record of unique user identity (based on claims in SAML tokens) to identify an authenticated user.
  • Claims Mapping: ADFS understands claims provided by federated providers and can map them into different claim types in use in your organization.
  • Extensible Architecture: ADFS supports custom claims augmentation (associating claims with a user’s identity), via custom extensions implemented by developers and third parties.

ADFS System Requirements

ADFS will install on all of the following Windows Server platforms:

  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 R2
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Foundation
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 Service Pack 2
  • Windows Server 2008 Standard
  • Windows Small Business Server 2008 Premium
  • Windows Small Business Server 2008 Standard

ADFS requires the following software components installed to operate correctly:

  • Internet Information Server (IIS) 7 or above
  • .NET Framework 3.5 with Service Pack 1
  • SQL Server 2005 (Express, Standard, or Enterprise) or SQL Server 2008 (Express, Standard, or Enterprise)

Install Certificate Authority

ADFS requires certificates to encrypt and sign SAML tokens. In a production deployment, you would install purchased certificates, signed by a trusted root certificate authority such as VeriSign. However, for development and demonstration purposes, we shall install Active Directory Certificate Services and create our own Certification Authority for issuing ADFS certificates.

  1. Open the Windows control panel.
  2. Double-click the Programs and Features icon.
  3. Click the link to turn Windows features on or off.
  4. Click Roles in the left navigation.
  5. If Active Directory Certificate Services is not installed, click the link to add a new role.
  6. Select the Active Directory Certificate Services role from the list (Figure 1), then click the Next button.

    Figure 1. Select the Active Directory Certificate Services role

  7. Select Certification Authority and Certification Authority Web Enrollment services (Figure 2).

    Figure 2. Certification services

  8. Specify the CA type as Enterprise, click Next.
  9. Select Root CA and click Next.
  10. Create a new private key for the CA.
  11. Select the cryptography for the CA—SHA1 with a key length of 2048 is a good configuration.
  12. Give the CA a distinguished name. I chose the default name provided, which the wizard determined from my domain name and server name. Click Next.
  13. On the confirmation dialog, click the Install button.
  14. Assuming no errors occurred, you should see an installation status dialog (Figure 3).

    Figure 3. Successful configuration of Certification Authority
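The same Certification Authority installation (steps 4 through 14 above) can be scripted instead of clicked through. This is an added example, not code from the book; it assumes Windows Server 2012 or later, where the ServerManager and ADCSDeployment cmdlets exist, an elevated PowerShell session, and a domain account, and it derives the CA common name from the same domain-and-server convention the wizard uses for its default.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Certification Authority walkthrough.
# Assumes Windows Server 2012+ (ADCSDeployment module) on a domain-joined server,
# run as a domain administrator.
Import-Module ServerManager
Import-Module ADCSDeployment

# Steps 4-7: add the AD CS role with the Certification Authority and
# Certification Authority Web Enrollment role services.
$features = 'ADCS-Cert-Authority', 'ADCS-Web-Enrollment'
$result = Install-WindowsFeature -Name $features -IncludeManagementTools
if (-not $result.Success) {
    throw "Role installation failed with exit code $($result.ExitCode)"
}

# Step 12: default distinguished name, <DOMAIN>-<SERVER>-CA (assumed to match
# the wizard's default; $env:USERDOMAIN is the NetBIOS name of the logon domain).
$caName = "$($env:USERDOMAIN)-$($env:COMPUTERNAME)-CA"

# Steps 8-11: Enterprise Root CA with a new 2048-bit RSA key.
# The walkthrough picks SHA1; SHA256 is used here because SHA1-signed
# certificates are rejected by current browsers and Windows builds.
# Set $hash = 'SHA1' only to reproduce the text exactly.
$hash = 'SHA256'
Install-AdcsCertificationAuthority `
    -CAType EnterpriseRootCA `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 2048 `
    -HashAlgorithmName $hash `
    -CACommonName $caName `
    -Force

# Second half of step 7: the web enrollment pages at https://<server>/certsrv.
Install-AdcsWebEnrollment -Force

# Step 14 equivalent: confirm the CA service is running and the CA answers.
Start-Service -Name CertSvc -ErrorAction SilentlyContinue
$svc = Get-Service -Name CertSvc
if ($svc.Status -ne 'Running') {
    throw "CertSvc is $($svc.Status); check the Application event log"
}
certutil -cainfo name
```

If the last command prints the CA name you set, the CA is ready to issue the token signing and token encryption certificates ADFS needs.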
