Solved

Creating ADFS to connect to a partner site for SSO

Posted on 2015-01-22
4
390 Views
Last Modified: 2015-02-04
Hello Everyone,
Our HR Dept purchased some software that is in the cloud and the software company wants me to create a SAML authentication method for SSO. I'm guessing I can do this with ADFS, but I've never set one up before. I found a couple of sites that talk about integrating it with SharePoint, but we need to point it to something like this:

https://domain.com/Authentication/saml20/FederationMetadata 

If someone could point me in the right direction I would be grateful. I currently have a Domain with Windows 200R2 DCs. The two sites I found are:

ADFS SharePoint

ADFS with Windows 2012 R2

The top link uses Windows 2008 R2 and the bottom uses Windows 2012 R2. Not sure if one is better than the other.
Question by:msidnam

4 Comments
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 100 total points
ID: 40564630
Personally, I would be using the complete step-by-step guide found on MS TechNet. Below is the library where all of them are housed. You need to choose the step-by-step guide which fits your requirements.

ADFS 2.0 Step-by-step guide library

Will.
0
 
LVL 2

Author Comment

by:msidnam
ID: 40567412
I saw that first, but I wasn't using anything that the docs mentioned. I guess the closest thing would be "ADFS 2.0 Step-by-Step Guide: Federation with IBM Tivoli Federated Identity Manager", but since I've never set one up I'm not 100% sure.
0
 
LVL 35

Accepted Solution

by:Mahesh
Mahesh earned 400 total points
ID: 40568466
The difference between ADFS 2.0 (2008 R2) and 3.0 (2012 R2):

ADFS 2.0 uses IIS at the backend and ADFS 3.0 does not have IIS (not required)

ADFS 2.0 does support SQL as a database, but you need to do some command-line work because the GUI did not support a direct SQL connection
ADFS 3.0 has a proper GUI to connect to a SQL database
Although ADFS can work on Windows Internal Database (WID), it is not recommended for production use
Multi-factor authentication support is enabled with ADFS 3.0
The ADFS proxy component of ADFS 2.0 is replaced with the Web authentication proxy (WAP) in ADFS 3.0, which has more features; you can publish applications as well, either through ADFS or you can use pass-through authentication
With ADFS 3.0 you can enable the Windows 8 workspace join feature
ADFS 3.0 supports GMSA (group managed service accounts) as service accounts

I would recommend ADFS 3.0

Set up ADFS first
Check all prerequisites correctly; also be informed that the ADFS server \ web proxy component needs to be published on the internet, so you do require a public domain name, hostname and IP, and an SSL certificate
You also need HA (two ADFS servers in corporate and two WAP servers in the DMZ; maybe you can put the ADFS servers directly in the DMZ and skip WAP)
You need to set up a basic functional ADFS infra.

Once your base infra is ready, you can ask the software company to provide the procedure to set up claims-based authentication with ADFS and so on.

You will find MS \ other blogs to set up basic ADFS infra correctly
0
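The build-out Mahesh outlines (ADFS 3.0 farm with a gMSA, then a trust to the vendor) as an added PowerShell example; this is not code from the thread or from Microsoft's guides. It assumes a Windows Server 2012 R2 member server with the ActiveDirectory module available, and every name in it (sts.corp.example, the CORP domain, gmsa-adfs, the ADFS-Servers and HR-app groups, the group SID) is a placeholder to be replaced. The metadata URL is the one from the question. The claim rules are deliberately narrow: the token carries only the user's email as NameID, and only members of one group can obtain a token for the HR app at all, so a stolen or mis-scoped account cannot be used against the vendor by everyone in the directory.

```powershell
# Added example, not from the thread: minimal ADFS 3.0 (Windows Server 2012 R2)
# farm following the accepted answer's steps, then a SAML 2.0 relying party
# trust for the HR vendor built from its federation metadata URL.
# All names (sts.corp.example, CORP, gmsa-adfs, group names, SID) are placeholders.

#Requires -RunAsAdministrator

# --- 1. Prerequisite checks ------------------------------------------------
# The federation service name must resolve publicly and match the SSL
# certificate, because the WAP in the DMZ presents the same name to the partner.
$FederationServiceName = 'sts.corp.example'            # placeholder
Resolve-DnsName -Name $FederationServiceName -Type A -ErrorAction Stop | Out-Null

# Pick the newest matching certificate; fail if none is valid for 30+ days.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$FederationServiceName*" -and
                   $_.NotAfter -gt (Get-Date).AddDays(30) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No valid SSL certificate for $FederationServiceName in LocalMachine\My" }

# --- 2. gMSA for the ADFS service (an ADFS 3.0 feature from the answer) ----
# The KDS root key is a once-per-forest step. Backdating by 10 hours makes it
# usable immediately in a lab; in production let replication run instead.
if (-not (Get-KdsRootKey)) { Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10)) | Out-Null }
$gmsaName = 'gmsa-adfs'                                  # placeholder
if (-not (Get-ADServiceAccount -Filter "Name -eq '$gmsaName'")) {
    New-ADServiceAccount -Name $gmsaName -DNSHostName "$gmsaName.corp.example" `
        -ServicePrincipalNames "host/$FederationServiceName" `
        -PrincipalsAllowedToRetrieveManagedPassword 'ADFS-Servers'   # placeholder AD group
}

# --- 3. Install the role and create the farm ------------------------------
Install-WindowsFeature ADFS-Federation -IncludeManagementTools
Install-AdfsFarm -CertificateThumbprint $cert.Thumbprint `
    -FederationServiceName $FederationServiceName `
    -FederationServiceDisplayName 'Corp Login' `
    -GroupServiceAccountIdentifier "CORP\$gmsaName`$"
# The second farm member joins with Add-AdfsFarmNode; the WAP servers in the
# DMZ are configured separately with Install-WebApplicationProxy.

# --- 4. Relying party trust from the vendor's federation metadata ----------
$rpName      = 'HR Cloud App'                                                # placeholder
$metadataUrl = 'https://domain.com/Authentication/saml20/FederationMetadata' # from the question
# Monitoring + auto-update keep the vendor's signing certificate current
# when they roll it, instead of SSO silently breaking.
Add-AdfsRelyingPartyTrust -Name $rpName -MetadataUrl $metadataUrl `
    -MonitoringEnabled $true -AutoUpdateEnabled $true

# Issuance transform rules: look up the user's mail attribute, then emit it as
# the SAML NameID in email format. Send only what the vendor actually needs.
$transformRules = @'
@RuleName = "Lookup mail from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleName = "Email as NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Issuance authorization rule: only members of the HR-app group get a token.
# Replace the SID placeholder with (Get-ADGroup 'HR-App-Users').SID.Value.
$authRules = @'
@RuleName = "Permit HR app group only"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "^(?i)S-1-5-21-PLACEHOLDER-GROUP-RID$"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authRules

# --- 5. Verify what was configured -----------------------------------------
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, Identifier, SamlEndpoints, EncryptionCertificate, MonitoringEnabled
Get-AdfsCertificate | Select-Object CertificateType, Thumbprint, IsPrimary
```

Run it once on the first farm server after the server has been joined to the domain; step 2 needs Domain Admin rights in addition to local admin. The verification at the end is worth keeping as a recurring check: the vendor's identifier and endpoints should not change without a matching change request, and the token-signing certificate's thumbprint should match what was handed to the vendor.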
 
LVL 2

Author Comment

by:msidnam
ID: 40574006
Thank you both for the info. I am out of town until next week and I think I will start installing ADFS on Server 2012.
0
