smyers051972 (United States of America) asked:
Active Directory Federation Services Install

All,

I am currently charged with deploying Active Directory Federation Services to our Server 2008 R2 domain.

When I read over the documentation I feel I am left with more questions than answers. Does anyone have much more simplified, step-by-step type documentation that explains better how to deploy it? I am not deploying any trust yet, as that comes after FS is stood up.

I have added a couple of virtual machines for the FS role (for an RMS cluster) and two DMZ proxy servers as well; however, the role itself being installed is clearly not enough to make it work. My focus in this question is just standing it up and that alone. I am looking for something easy to understand, something so easy a caveman can do it? :)

Any help is greatly appreciated. On the horizon it looks like Office 365 is going to be one thing using federation services; I know we have a current need to use AD FS SAML for something called Jive.

Thanks again!
Amit (India):

Do you have any HLB?

smyers051972 (asker):
This is my first deployment please elaborate :)

Amit:

I am asking about a hardware load balancer, as you implemented 2 proxy servers. What about the ADFS internal server: did you create a farm, or standalone?

What about ID provisioning? Are you planning for AD LDS?

smyers051972 (asker):

OK, so no hardware load balancer. What I didn't get was why two servers each, since they are all VMs running under VMware in a cluster already, but the boss said to do it that way anyway.

I created two ADFS servers. On server1 I added the role and am currently stuck on the certificate portion. Server2 is just sitting there right now; nothing has been done to it at all yet.

Proxy1 and Proxy2 have also been left untouched right now.

As for AD LDS, it may be used in SAML for this Jive authentication; they use SAML/AD FS authentication to access their site. It would essentially use our AD accounts to manage who is authorized to access their site.

Hope that helps you help me :)

Again this is my FIRST deployment.
When I look at this video I don't have the same certificate either:
http://technet.microsoft.com/en-us/video/setting-up-single-sign-on-with-office-365-using-adfs-2-0.aspx 

This is mind-boggling. My focus, though, is just standing up the SSO services, not pairing with anything yet.

Amit:

The purpose of 2 ADFS proxies and 2 ADFS servers is high availability, which can be achieved using a load balancer.

I suggest you hire an ADFS consultant, as it is a complex task and requires some design and implementation skills.

smyers051972 (asker):

They will not let me do that, so I am seeking assistance; something bulleted would help me, just to stand up the AD FS itself and have it talking to the proxies.

smyers051972 (asker):

OK, just as a follow-up: what I am seeking is only a step-by-step understanding of AD FS. I am not able to hire a consultant, which is why I am here.

Any help is greatly appreciated. Here is the example layout for our AD FS install:

adfs1.domain.local (1st internal AD FS server)
adfs2.domain.local (2nd internal AD FS server, for load balancing)

adfsdmzpxy1 (1st DMZ proxy server)
adfsdmzpxy2 (2nd DMZ proxy server, for load balancing)

We do not have a hardware load balancer; we would use RMS clustering (I believe).

Thanks again and I appreciate any help.

smyers051972 (asker):

Also, this is the document I followed:

http://gaptheguru.wordpress.com/2012/05/23/how-to-setup-active-directory-federation-services/

It seems incomplete. My tests don't seem to be working.
ASKER CERTIFIED SOLUTION

footech (United States of America):

This solution is only available to members of Experts Exchange.

smyers051972 (asker):

@footech - Thanks to your documentation I got through most of it. A question, however: I have 2 servers in the farm; how do I set up the virtual IP for the redundant cluster, with no HLB involved? If you know how to lay this out for me, let me know. I will be accepting your response above and can open a new question for you to answer this question fully too.

Thanks!

footech:

All I can speak to is the NLB built into Windows, and even there my details are a little fuzzy. It was pretty straightforward to create the NLB cluster and its virtual IP. In DNS, make sure you create/modify the A record (with the same name that you named your federation service during setup) so it points at that virtual IP. That was all I had to do.
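The NLB cluster and DNS record footech describes, written out as an added example in PowerShell for a Windows Server 2008 R2 farm. This is not code from the thread or from Microsoft's documentation, and every name in it is an assumption: the Federation Service name sts.domain.local (whatever name was typed into the AD FS 2.0 configuration wizard must be used instead), VIP 10.0.0.50/24, a NIC labelled NLB on each node, DNS server dc1.domain.local, and adfs1/adfs2 from the asker's layout. It runs on adfs1 as a local administrator after the NLB feature has been installed on both nodes (Import-Module ServerManager; Add-WindowsFeature NLB).

```powershell
# Added example (not from the original thread): put the two internal AD FS 2.0 servers behind a
# Windows NLB virtual IP, register the Federation Service name against that VIP, and check the result.
# Assumed names (not from the post): sts.domain.local, 10.0.0.50/24, NIC "NLB", dc1.domain.local.
Import-Module NetworkLoadBalancingClusters

$fsName  = 'sts.domain.local'   # must equal the Federation Service name chosen in the AD FS setup wizard
$fsHost  = 'sts'                # host part of $fsName inside the DNS zone
$dnsZone = 'domain.local'
$dnsSrv  = 'dc1.domain.local'
$vip     = '10.0.0.50'
$mask    = '255.255.255.0'
$nic     = 'NLB'                # interface name as shown in ncpa.cpl on each node
$node1   = 'adfs1'
$node2   = 'adfs2'

# 1. Create the cluster on the first farm member.
#    Multicast avoids the MAC-flooding/unicast problems NLB guests commonly hit on VMware;
#    use IgmpMulticast instead if the physical switches support IGMP snooping.
New-NlbCluster -HostName $node1 -InterfaceName $nic -ClusterName $fsName `
    -ClusterPrimaryIP $vip -SubnetMask $mask -OperationMode Multicast | Out-Null

# 2. Balance only HTTPS. The default rule covers every port, so drop it and add a 443-only rule.
#    Affinity Single keeps a client pinned to one node; AD FS 2.0 sign-in is fine with it.
Get-NlbClusterPortRule -HostName $node1 | Remove-NlbClusterPortRule -Force
Add-NlbClusterPortRule -HostName $node1 -Protocol Tcp -StartPort 443 -EndPort 443 `
    -Mode Multiple -Affinity Single | Out-Null

# 3. Join the second farm member to the cluster.
Add-NlbClusterNode -HostName $node1 -NewNodeName $node2 -NewNodeInterface $nic | Out-Null

# 4. Point the Federation Service name at the VIP. dnscmd is what 2008 R2 ships with
#    (the DnsServer PowerShell module only arrived in 2012). If the record already exists
#    and points at a single node, delete it first with /RecordDelete and re-add it.
& dnscmd $dnsSrv /RecordAdd $dnsZone $fsHost A $vip

# 5. Verify from a domain member: the name resolves to the VIP, both nodes report Converged,
#    and the farm answers on the VIP with its federation metadata.
$resolved = [System.Net.Dns]::GetHostAddresses($fsName) | ForEach-Object { $_.IPAddressToString }
if ($resolved -notcontains $vip) { throw "$fsName does not resolve to $vip (got: $resolved)" }

Get-NlbClusterNode -HostName $node1 | Format-Table Name, State -AutoSize

$metaUrl = "https://$fsName/FederationMetadata/2007-06/FederationMetadata.xml"
$meta    = [xml](New-Object System.Net.WebClient).DownloadString($metaUrl)
"Federation Service identifier: " + $meta.EntityDescriptor.entityID
# AD FS 2.0's default identifier is http://<federation service name>/adfs/services/trust
```

If step 5 fails with a trust or name-mismatch error rather than a connection error, the SSL certificate bound to port 443 in IIS on the node that answered does not cover the Federation Service name; the wizard's certificate step and the DNS name have to agree. The two DMZ proxies get their own NLB cluster and VIP built the same way, with the public DNS record for the Federation Service name pointing at the proxy VIP, while the proxies themselves resolve that same name to the internal VIP (a hosts-file entry on each proxy is the usual way) so they can reach the farm.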

smyers051972 (asker):

OK, I'll open a case. I am still having issues with AD FS, which I'll open a new issue for; the one solution above helped me get it stood up... Thanks so much!!! 2x new issues coming your way, keep an eye out :)

smyers051972 (asker):

VERY helpful. Still having AD FS issues, but this was just to get it stood up, and this did do that job.

Thank you!