Maxim Zhvirblya presented "SharePoint 2013 and ADFS" @ Belarus SPUG meet-up #39, July 24.

1. SharePoint 2013 and
ADFS
MAXIM ZHVIRBLYA
EPAM SYSTEMS © 2014

2. Active Directory Federation Services
Active Directory Federation Services (AD FS) is a software component developed by Microsoft
that can be installed on Windows Server operating systems to provide users with single sign-on
access to systems and applications located across organizational boundaries. It uses a claims-
based access control authorization model to maintain application security and implement
federated identity.

3. Active Directory Federation Services

4. What is Claim?
Claim is piece of information that describes given identity on some aspect. Take claim as name-
value pair. Claims are held in authentication token that may have also signature so you can be
sure that token is not tampered on its way from remote machine to your system.

5. Claims-based authentication
Claims-based authentication is more general authentication mechanism that allows users to
authenticate on external systems that provide asking system with claims about user.

6. Claims-based authentication
1.User makes request to some application.
2.System redirects user to authentication page of external
system (it may also happen after system lets user to select
external system where he or she wants to log in).
3.After successful authentication external system redirects user
back with some information.
4.Application makes request to external system to validate user.
5.If user is valid then user gets access to application.

7. SharePoint 2013 ADFS Prerequisites
1) Create DNS Entry
2) Create a Service Account
3) Create ADFS Certificate Template
4) Request Certificates

8. Create DNS Entry

9. Create a Service Account

10. Create ADFS Certificate Template

11. Create ADFS Certificate Template

12. Request Certificates

13. Request Certificates
Certificates:
1. Service Communications
2. Token Decrypting
3. Token Signing

14. Installing AD FS v2
◦ download the ADFS 2.0 installation

15. Installing AD FS v2
◦ Right click “AdfsSetup.exe” and “Run as administrator”
◦ Click “Next >” on the “Welcome to the AD FS 2.0 Setup Wizard” screen
◦ Accept the terms of the license and click “Next >”
◦ On the “Server Role” screen select the “Federation server” radio button and click “Next >” to continue
◦ Click “Next >” on the “Install Prerequisite Software” screen
◦ Leave the “Start the AD FS 2.0 Management snap-in when this wizard closes.” checkbox selected and
click “Finish” to launch the post installation “AD FS 2.0 Federation Server Configuration Wizard”

16. Initial Configuration
Click the “AD FS 2.0 Federation Server Configuration Wizard” link
Select the “Create a new Federation Service” radio button and click “Next >”

17. Initial Configuration
Select the SSL certification that was previously created. For Service Communications
Specify the ADFS service account and password that was created during the prerequisite phase

18. Some Demo =)

19. AD FS V3?
Differences:
 AD FS is no longer dependent on IIS. This offers enhanced performance and reduces the foot print
of services, especially when AD FS is installed on Active Directory domain controllers.
Remote installation and configuration through Server Manager.
UI support for installing AD FS with SQL Server
Group Managed Service Account support. This enables AD FS to be run with service accounts
without managing expiring service account passwords.
SQL Server merge replication support when deploying AD FS across globally dispersed datacenters.
Note that in Windows Server® 2012 R2, the ‘stand-alone’ mode for AD FS setup has been removed.
Web Application proxy

20. Web Application proxy
Web Application Proxy – a new Remote Access role service in Windows Server® 2012 R2 - to
provide reverse proxy functionality for corporate web applications and services.
Web Application Proxy also functions as an AD FS proxy.

21. Questions & Discussion