Creating ADFS to connect to a partner site for SSO

Hello Everyone,
Our HR Dept purchased some software that is in the cloud and the software company wants me to create a SAML authentication method for SSO. I'm guessing I can do this with ADFS, but I've never set one up before. I found a couple of sites that talk about integrating it with SharePoint, but we need to point it to something like this:

https://domain.com/Authentication/saml20/FederationMetadata 

If someone could point me in the right direction I would be grateful. I currently have a domain with Windows 2008 R2 DCs. The two sites I found are:

ADFS SharePoint

ADFS with Windows 2012 R2

The top link uses Windows 2008 R2 and the bottom uses Windows 2012 R2. Not sure if one is better than the other.

msidnam asked:
Mahesh (Architect) commented:
The differences between ADFS 2.0 (2008 R2) and 3.0 (2012 R2):

ADFS 2.0 uses IIS at the backend; ADFS 3.0 does not have IIS (not required)

ADFS 2.0 does support SQL as a database, but you need some command-line work because the GUI did not support a direct SQL connection
ADFS 3.0 has a proper GUI to connect to a SQL database
Although ADFS can work on the Windows Internal Database (WID), it is not recommended for production use
Multi-factor authentication support is enabled with ADFS 3.0
The ADFS proxy component of ADFS 2.0 is replaced with the Web authentication proxy (WAP) in ADFS 3.0, which has more features; you can publish applications as well, either through ADFS or using pass-through authentication
With ADFS 3.0 you can enable the Windows 8 workspace join feature
ADFS 3.0 supports GMSA (group managed service accounts) as service accounts

I would recommend ADFS 3.0

Set up ADFS first
Check all prerequisites correctly; also be informed that the ADFS server / web proxy component needs to be published on the internet, so you do require a public domain name, hostname and IP, and an SSL certificate
Also you do need HA (TWO ADFS servers in corporate and TWO WAP servers in the DMZ; maybe you can put the ADFS servers directly in the DMZ and skip WAP)
You need to set up a basic functional ADFS infrastructure.

Once your base infrastructure is ready, you can ask the software company to provide the procedure to set up claims-based authentication with ADFS, and so on.

You will find MS / other blogs to set up the basic ADFS infrastructure correctly
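The claims-based step Mahesh refers to, once the ADFS farm exists, is registering the vendor's application as a relying party trust from its federation metadata URL and attaching issuance rules. The following is an added example for ADFS 3.0 (Windows Server 2012 R2) and is not code from this thread; the trust name, the attribute-to-claim mapping, the NameID format and the group SID are assumptions to be confirmed with the vendor and replaced with your own values.

```powershell
# Added example, not from the thread: register the HR vendor's SAML app as a
# relying party trust on ADFS 3.0 from its federation metadata, then scope
# what ADFS issues and who is allowed through. Run on an ADFS server as admin.
Import-Module ADFS

$trustName   = 'HR Cloud App (placeholder name)'                              # assumption
$metadataUrl = 'https://domain.com/Authentication/saml20/FederationMetadata'   # URL from the question

# Pull the partner's entity ID, assertion consumer endpoint and signing
# certificate from metadata; monitoring keeps the trust in sync if it changes.
Add-AdfsRelyingPartyTrust -Name $trustName -MetadataUrl $metadataUrl `
    -MonitoringEnabled $true -AutoUpdateEnabled $true

# Issuance transform rules: read only the attributes the app needs from AD and
# emit the NameID the vendor expects (email-address format assumed here).
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send AD attributes to HR app"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"), query = ";mail,givenName,sn;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Email address as SAML NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Issuance authorization: permit only members of one AD group (placeholder SID)
# rather than the default "permit all users" rule.
$authzRules = @'
@RuleTemplate = "Authorization"
@RuleName = "Permit members of the HR app access group"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-21-PLACEHOLDER-GROUP-SID"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Set-AdfsRelyingPartyTrust -TargetName $trustName `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules

# Check what was imported before handing the ADFS metadata URL to the vendor.
Get-AdfsRelyingPartyTrust -Name $trustName |
    Select-Object Name, Identifier, SamlEndpoints, MonitoringEnabled, LastMonitoredTime
```

The vendor in turn needs your side's metadata, published by ADFS at https://<your-adfs-host>/FederationMetadata/2007-06/FederationMetadata.xml, which carries the token-signing certificate they must trust.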
Will Szymkowski (Senior Solution Architect) commented:
Personally, I would be using the complete step-by-step guide found on MS TechNet. Below is the library where all of them are housed. You need to choose the step-by-step guide which fits your requirements.

ADFS 2.0 Step-by-step guide library

Will.

msidnam (Author) commented:
I saw that first, but I wasn't using anything that the docs mentioned. I guess the closest thing would be "ADFS 2.0 Step-by-Step Guide: Federation with IBM Tivoli Federated Identity Manager", but since I've never set one up I'm not 100% sure.

msidnam (Author) commented:
Thank you both for the info. I am out of town until next week, and I think I will start installing ADFS on Server 2012.