Solved

Creating ADFS to connect to a partner site for SSO

Posted on 2015-01-22
4 Comments, 414 Views
Last Modified: 2015-02-04
Hello Everyone,
Our HR Dept purchased some software that is in the cloud and the software company wants me to create a SAML authentication method for SSO. I'm guessing I can do this with ADFS, but I've never set one up before. I found a couple of sites that talk about integrating it with SharePoint, but we need to point it to something like this:

https://domain.com/Authentication/saml20/FederationMetadata

If someone could point me in the right direction I would be grateful. I currently have a domain with Windows 200R2 DCs. The two sites I found are:

ADFS SharePoint

ADFS with Windows 2012 R2

The top link uses Windows 2008 R2 and the bottom uses Windows 2012 R2. Not sure if one is better than the other.
0
Question by:msidnam
4 Comments
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 100 total points
ID: 40564630
Personally, I would be using the complete step-by-step guides found on MS TechNet. Below is the library where all of them are housed. You need to choose the step-by-step guide which fits your requirements.

ADFS 2.0 Step-by-step guide library

Will.
0
 
LVL 2

Author Comment

by:msidnam
ID: 40567412
I saw that first, but I wasn't using anything that the docs mentioned. I guess the closest thing would be "ADFS 2.0 Step-by-Step Guide: Federation with IBM Tivoli Federated Identity Manager", but since I've never set one up I'm not 100% sure.
0
 
LVL 37

Accepted Solution

by:Mahesh
Mahesh earned 400 total points
ID: 40568466
The difference between ADFS 2.0 (2008 R2) and 3.0 (2012 R2):

ADFS 2.0 uses IIS at the backend; ADFS 3.0 does not have IIS (not required).

ADFS 2.0 does support SQL as a database, but you need to do some command-line work because the GUI did not support a direct SQL connection.
ADFS 3.0 has a proper GUI to connect to a SQL database.
Although ADFS can work on the Windows Internal Database (WID), it is not recommended for production use.
Multi-factor authentication support is enabled with ADFS 3.0.
The ADFS proxy component of ADFS 2.0 is replaced with the Web Application Proxy (WAP) in ADFS 3.0, which has more features: you can publish applications as well, either through ADFS or you can use pass-through authentication.
With ADFS 3.0 you can enable the Windows 8 Workplace Join feature.
ADFS 3.0 supports gMSA (group managed service accounts) as service accounts.

I would recommend ADFS 3.0.

Set up ADFS first.
Check all prerequisites correctly; also be informed that the ADFS server / web proxy component needs to be published on the internet, so you do require a public domain name, hostname and IP, and an SSL certificate.
Also you do need HA (TWO ADFS servers in corporate and TWO WAP servers in the DMZ; maybe you can put the ADFS servers directly in the DMZ and skip WAP).
You need to set up a basic functional ADFS infra.

Once your base infra gets ready, you can ask the software company to provide the procedure to set up claims-based authentication with ADFS and so on.

You will get MS / other blogs to set up the basic ADFS infra correctly.
0
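As an added example (not code from any poster in this thread), the sequence the accepted answer describes, typed into an elevated PowerShell on the Windows Server 2012 R2 node: install the AD FS 3.0 role, build the farm with a gMSA, check the public name, inspect the partner's SP metadata before trusting it, create the relying party trust from that metadata, and set claims rules. The federation service name sts.example.com, the domain CORP, the gMSA ADFSgmsa$ and the AD group HR-Cloud-App-Users are assumed placeholders; the metadata URL is the one from the question, and the actual claims the partner expects would come from the software company, as the answer says.

```powershell
# Added example, not code from the thread. Assumed (hypothetical) names:
# federation service sts.example.com, domain CORP, gMSA CORP\ADFSgmsa$,
# AD group HR-Cloud-App-Users. The metadata URL is the one from the question.
# Run in an elevated PowerShell on the Windows Server 2012 R2 ADFS node.

# 1. Install the AD FS 3.0 role (no IIS required on 2012 R2).
Install-WindowsFeature ADFS-Federation -IncludeManagementTools

# 2. Create the farm with the public-CA SSL certificate already imported into
#    the machine store and a group managed service account (gMSA).
$thumb = (Get-ChildItem Cert:\LocalMachine\My |
          Where-Object { $_.Subject -like 'CN=sts.example.com*' } |
          Select-Object -First 1).Thumbprint
Install-AdfsFarm -CertificateThumbprint $thumb `
                 -FederationServiceName 'sts.example.com' `
                 -GroupServiceAccountIdentifier 'CORP\ADFSgmsa$'

# 3. Prerequisite check: the service name must resolve publicly, since the
#    ADFS/WAP endpoint has to be published on the internet.
Resolve-DnsName -Name 'sts.example.com' -Type A -ErrorAction Stop | Out-Null

# 4. Fetch the partner's SP metadata over HTTPS and inspect it before trusting
#    it: record the entityID and the signing certificate it advertises.
$metaUrl = 'https://domain.com/Authentication/saml20/FederationMetadata'
[xml]$meta = (Invoke-WebRequest -Uri $metaUrl -UseBasicParsing).Content
$ns = @{ md = 'urn:oasis:names:tc:SAML:2.0:metadata'
         ds = 'http://www.w3.org/2000/09/xmldsig#' }
# A KeyDescriptor with no "use" attribute covers both signing and encryption.
$certNode = Select-Xml -Xml $meta -Namespace $ns `
    -XPath '//md:SPSSODescriptor/md:KeyDescriptor[not(@use) or @use="signing"]//ds:X509Certificate' |
    Select-Object -First 1
if (-not $certNode) { throw 'Partner metadata publishes no signing certificate; stop here.' }
$spBytes = [Convert]::FromBase64String($certNode.Node.InnerText.Trim())
$spCert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$spBytes)
"entityID       : $($meta.EntityDescriptor.entityID)"
"SP signing cert: $($spCert.Subject) / $($spCert.Thumbprint) / expires $($spCert.NotAfter)"

# 5. Create the relying party trust from that metadata; monitoring keeps the
#    trust in sync when the partner rolls its certificate or endpoints.
Add-AdfsRelyingPartyTrust -Name 'HR cloud app' -MetadataUrl $metaUrl `
    -MonitoringEnabled $true -AutoUpdateEnabled $true

# 6. Claims rules: read the UPN from AD and send it as the SAML NameID, and
#    permit only members of the HR group (anyone else is denied by default).
$transform = @'
@RuleTemplate = "LdapClaims"
@RuleName = "UPN from Active Directory"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "UPN as NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
'@

# Resolve the group's SID locally (no RSAT module needed) so the rule does not
# depend on a display name that could be renamed later.
$hrAccount = New-Object System.Security.Principal.NTAccount('CORP', 'HR-Cloud-App-Users')
$hrSid     = $hrAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value
$authz = @"
@RuleTemplate = "Authorization"
@RuleName = "Permit HR-Cloud-App-Users only"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$hrSid"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "PermitUsersWithClaim");
"@

Set-AdfsRelyingPartyTrust -TargetName 'HR cloud app' `
    -IssuanceTransformRules $transform -IssuanceAuthorizationRules $authz

# 7. Give the partner our IdP metadata URL and confirm the trust is in place.
"IdP metadata: https://sts.example.com/FederationMetadata/2007-06/FederationMetadata.xml"
Get-AdfsRelyingPartyTrust -Name 'HR cloud app' |
    Select-Object Name, Identifier, Enabled, MonitoringEnabled, AutoUpdateEnabled
```

The rule strings passed to Set-AdfsRelyingPartyTrust replace whatever rules the trust already has, so later changes should re-send the full set. Steps 1 and 2 are for the first farm node only; additional nodes join with Add-AdfsFarmNode, and the WAP servers in the DMZ are configured separately with the Remote Access role, which the answer lists as part of the HA prerequisites.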
 
LVL 2

Author Comment

by:msidnam
ID: 40574006
Thank you both for the info. I am out of town until next week and I think I will start installing ADFS on Server 2012.
0
