Microsoft Sharepoint 2013 : Federated Authentication (part 2) - Active Directory Federated Services - Preparing for ADFS Installation

Preparing for ADFS Installation

Before we install ADFS, it is important that we complete a series of pre-installation steps, to establish a new DNS name and certificate with which we shall access ADFS. The following steps assume you completed the steps in the earlier section “Install Certificate Authority.”

1. Create a new ADFS user account in the domain; do not add the account to any groups. ADFS will assign privileges (Figure 4).

   

   Figure 4. Create an account for ADFS

2. Run the Microsoft Management Console (MMC.exe).
3. Add the following snap-ins:
   • a.  Certificate Templates
   • b.  Certificates (Local Computer)
   • c.  Certification Authority (Local Computer)
   • d.  ADFS 2.0
4. Expand the Certificate Templates node.
5. Right-click the Web Server template and select the option to duplicate the template (Figure 5).

   

   Figure 5. Duplicate the Web Server certificate template

6. Select the version of template for Windows Server 2008 Enterprise.
7. Give the template a name and display name of ADFS.
8. Click the security tab to assign the new ADFS service account, Read and Enroll permissions (Figure 6).

   

   Figure 6. Read and Enroll permissions for the ADFS service account

9. Assign authenticated users the Read and Enroll permissions (I had to do this to allow me to create a new certificate later).
10. Click the Request Handling tab and then check the option to allow the private key to be exported.
11. Click the OK button on the dialog.
12. Expand the Certification Authority node.
13. Expand the Server Name node.
14. Right-click Certificate Templates.
15. Select Certificate Template to Issue (Figure 7).

    

    Figure 7. Create new certificate template for ADFS

16. Choose the ADFS certificate template (Figure 8), then click the OK button.

    

    Figure 8. ADFS Certificate Template for new ADFS certificate

17. Create a new CNAME in your DNS, which resolves the IP of the ADFS server—I use the Windows DNS services on my AD server (Figure 9).

    

    Figure 9. New CNAME in DNS

18. Expand the Certificates node in the MMC.
19. Expand the Personal node, and then expand Certificates.
20. Right-click the Certificates node and then select the option to request a new certificate, within the All Tasks menu (Figure 10. Request a new certificate for ADFS).

    

    Figure 10. Request a new certificate for ADFS

21. Click the Next button on the certificate enrollment dialog.
22. Choose the Active Directory Enrollment Policy (Figure 11) and click the Next button.

    

    Figure 11. Active Directory Enrollment Policy

23. Check the ADFS certificate, shown in Figure 12.

    

    Figure 12. Select ADFS certificate template

24. Click the link to configure more settings.
25. Change the Type drop-down to Common Name in the Subject name section.
26. Enter the DNS name in the Value field of the Subject name section.
27. Click the Add button; my dialog now looks like that in Figure 13.

    

    Figure 13. Configuration settings for ADFS certificate

28. Click OK to close the configuration settings dialog, then the Enroll button on the enrollment dialog.
29. Click the Finish button once the enrollment process completes.
30. Right-click the new certificate you just created.
31. Select All Tasks, then click the option to manage private keys.
32. Grant the ADFS service account Full Control and Read permissions.

With the pre-installation configuration steps complete, you are now ready to begin the installation of ADFS.