Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 444
  • Last Modified:

Creating ADFS to connect to a partner site for SSO

Hello Everyone,
Our HR Dept purchased some software that is in the cloud and the software company wants me to create a SAML authetication method for SSO. I'm guessing i can do this with ADFS, but I've never set one up before. I found a couple sites that talk about integrating it with Sharepoint but we need to point it to something like this:

https://domain.com/Authentication/saml20/FederationMetadata 

If someone could point me in the right direction i would be grateful. I currently have a Domain with windows 200R2 DC's. The two sites I found are:

ADFS SharePoint

ADFS with Windows 2012 R2

the top link uses Windows 2008 R2 and the bottom uses Windows 2012 R2. Not sure if one is better than the other.
0
msidnam
Asked:
msidnam
  • 2
2 Solutions
 
Will SzymkowskiSenior Solution ArchitectCommented:
Personally, I would be using the complete step by step guide found on MS technet. Below is the library where all of them are houses. You need to choose the step-by-step guide which fits your requirements.

ADFS 2.0 Step-by-step guide library

Will.
0
 
msidnamAuthor Commented:
I saw that first, but I wasn't using anything that the docs mentioned. i guess the closest thing would be "ADFS 2.0 Step-by-Step Guide: Federation with IBM Tivoli Federated Identity Manager ", but since ive never set one up im not 100% sure.
0
 
MaheshArchitectCommented:
The difference between ADFS 2.0 (2008 R2) and 3.0 (2012 R2)

ADFS 2.0 use IIS at backend and ADFS 3.0 do not have IIS (not required)

ADFS 2.0 does support SQL as database but you need some command line work to do because GUI did not support direct SQL Connection
ADFS 3.0 have proper GUI to connect to SQL database
All though ADFS can be work on Windows internal Database (WID), it is not recommended for production use
Multi-factor authentication support is enabled with ADFS 3.0
ADFS proxy of ADFS 2.0 component is replaced with Web authentication proxy (WAP) in ADFS 3.0 which is having more features, you can publish applications as well either through ADFS or u can use pass-thru authentication
With ADFS 3.0 you can enable windows 8 workspace join feature
ADFS 3.0 supports GMSA (group managed service accounts) as service accounts

I would recommend ADFS 3.0

Setup ADFS 1st
Check all prerequisites correctly, also be informed that ADFS server \ web proxy component needs to be published on internet, so you do required public domain name, hostname and IP and SSL certificate
Also you do need HA (TWO ADFS servers in corporate and TWO WAP servers in DMZ (may be you can put ADFS servers directly in DMZ and skip WAP)
You need to setup basic functional ADFS infra.

Once your base infra get ready, you can ask software company to provide procedure to setup claim based authentication with ADFS and so on.

U will get MS \ other blogs to setup basic ADFS infra correctly
0
 
msidnamAuthor Commented:
thank you both for the info. I am out of town until next week and i think i will start installing ADFS on server 2012.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now