2. Active Directory Federation Services
Active Directory Federation Services (AD FS) is a software component developed by Microsoft that can be installed on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access control authorization model to maintain application security and implement federated identity.
4. What is a Claim?
A claim is a piece of information that describes a given identity in some respect. Think of a claim as a name-value pair. Claims are carried in an authentication token that may also carry a signature, so you can be sure the token was not tampered with on its way from the remote machine to your system.
6. Claims-based authentication
1. The user makes a request to some application.
2. The application redirects the user to the authentication page of an external system (this may also happen after the application lets the user select the external system where he or she wants to log in).
3. After successful authentication, the external system redirects the user back with some information (the claims token).
4. The application validates the returned token before trusting the claims in it.
5. If the user is valid, the user gets access to the application.
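The two slides above (a claim as a signed name-value pair, and the five-step redirect flow) played through in code. This is an added example written for this page, not AD FS code: the issuer's SAML token is stood in for by a JSON body of claims signed with an HMAC under a constructed shared key (AD FS signs with the private key of its token-signing certificate instead), and the issuer URL, application URL, user database and passwords are all constructed. The relying party shows the checks of step 4 that matter in practice: signature first, then issuer, audience and validity window, and only then are the claims used.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed shared signing key standing in for the issuer's token-signing
# certificate; the relying party obtains it out of band when the trust is set up.
SIGNING_KEY = b"constructed-demo-signing-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Steps 2-3: the external system authenticates the user and returns a signed token."""

    def __init__(self, issuer: str, key: bytes, users: dict):
        self.issuer = issuer
        self.key = key
        self.users = users  # constructed user store: name -> (password, claims)

    def authenticate(self, username: str, password: str, audience: str,
                     ttl: int = 300) -> Optional[str]:
        record = self.users.get(username)
        if record is None or not hmac.compare_digest(record[0], password):
            return None  # authentication failed, so no token is issued
        now = int(time.time())
        claims = {"iss": self.issuer, "aud": audience, "iat": now, "exp": now + ttl}
        claims.update(record[1])  # the name-value pairs describing the identity
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        sig = _b64(hmac.new(self.key, body.encode(), hashlib.sha256).digest())
        return body + "." + sig


class RelyingParty:
    """Steps 4-5: the application validates the token before trusting any claim."""

    def __init__(self, audience: str, trusted_issuer: str, key: bytes):
        self.audience = audience
        self.trusted_issuer = trusted_issuer
        self.key = key

    def validate(self, token: str, now: Optional[int] = None) -> Optional[dict]:
        now = int(time.time()) if now is None else now
        try:
            body, sig = token.split(".")
        except ValueError:
            return None
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).digest()
        # Signature check first: any change to the body yields a different MAC.
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        # Issuer and audience checks reject tokens minted by or for someone else.
        if claims.get("iss") != self.trusted_issuer or claims.get("aud") != self.audience:
            return None
        if not (claims.get("iat", 0) <= now < claims.get("exp", 0)):
            return None
        return claims


def tamper(token: str, field: str, value) -> str:
    """Modify one claim in transit while keeping the old signature (simulated attacker)."""
    body, sig = token.split(".")
    claims = json.loads(_unb64(body))
    claims[field] = value
    return _b64(json.dumps(claims, sort_keys=True).encode()) + "." + sig


def run_flow() -> dict:
    """Drive steps 1-5 once with constructed parties and return each outcome."""
    app, idp_url = "https://app.example.test", "https://idp.example.test"
    idp = IdentityProvider(idp_url, SIGNING_KEY, {
        "alice": ("constructed-pw", {"name": "Alice", "role": "reader"}),
    })
    rp = RelyingParty(app, idp_url, SIGNING_KEY)
    token = idp.authenticate("alice", "constructed-pw", app)
    return {
        "accepted": rp.validate(token),
        "tampered_role": rp.validate(tamper(token, "role", "admin")),
        "bad_password": idp.authenticate("alice", "wrong", app),
        "wrong_audience": RelyingParty("https://other.example.test", idp_url,
                                       SIGNING_KEY).validate(token),
    }


if __name__ == "__main__":
    for outcome, claims in run_flow().items():
        print(outcome, "->", "granted" if claims else "denied")
```

The tampered token is the case the claim slide warns about: the attacker can rewrite `role` on the way back to the application, but without the signing key the signature no longer matches and the relying party never reads the claims at all. In a real AD FS trust the same role is played by the token-signing certificate published in federation metadata, and the audience check corresponds to the relying party identifier configured for each application.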
7. SharePoint 2013 ADFS Prerequisites
1) Create DNS Entry
2) Create a Service Account
3) Create ADFS Certificate Template
4) Request Certificates
15. Installing AD FS v2
◦ Right click “AdfsSetup.exe” and “Run as administrator”
◦ Click “Next >” on the “Welcome to the AD FS 2.0 Setup Wizard” screen
◦ Accept the terms of the license and click “Next >”
◦ On the “Server Role” screen select the “Federation server” radio button and click “Next >” to continue
◦ Click “Next >” on the “Install Prerequisite Software” screen
◦ Leave the “Start the AD FS 2.0 Management snap-in when this wizard closes.” checkbox selected and
click “Finish” to launch the post-installation “AD FS 2.0 Federation Server Configuration Wizard”
16. Initial Configuration
Click the “AD FS 2.0 Federation Server Configuration Wizard” link
Select the “Create a new Federation Service” radio button and click “Next >”
17. Initial Configuration
Select the SSL certificate that was created earlier for Service Communications
Specify the AD FS service account and password that were created during the prerequisite phase
19. AD FS V3?
Differences:
AD FS is no longer dependent on IIS. This offers enhanced performance and reduces the footprint
of services, especially when AD FS is installed on Active Directory domain controllers.
Remote installation and configuration through Server Manager.
UI support for installing AD FS with SQL Server.
Group Managed Service Account support. This enables AD FS to be run with service accounts
without managing expiring service account passwords.
SQL Server merge replication support when deploying AD FS across globally dispersed datacenters.
Note that in Windows Server® 2012 R2, the ‘stand-alone’ mode for AD FS setup has been removed.
Web Application proxy
20. Web Application proxy
Web Application Proxy is a new Remote Access role service in Windows Server® 2012 R2 that
provides reverse proxy functionality for corporate web applications and services.
Web Application Proxy also functions as an AD FS proxy.