ADFS Setup

Hi, I'm looking for good resources that would help me set up ADFS (Windows Server 2012 R2) as an STS. I need to integrate ADFS with ACS for my Azure application.

I was able to set up the relying party trust (RLP) by importing the ACS metadata URL. Attached are its properties.

Now, how do I configure IIS to host the login page and allow SSL requests? How do I get the public ADFS metadata URL (I understand it should end with /FederationMetadata/2007-06/FederationMetadata.xml)?

The ADFS server is an Azure VM which is connected to our corp domain.

Please help!
1.png
FLNDEV asked:

Vasil Michev (MVP) commented:
Pages are configured automatically as part of the AD FS role install. On server 2012R2, they run in kernel mode, and configuration is done via PowerShell or netsh. The federation metadata is available by default on the endpoint you noted above. So for the local server, this will be something like:

https://sts.domain.com/FederationMetadata/2007-06/FederationMetadata.xml

Similarly, for the remote server it will be available on the same endpoint. For example, this is the endpoint for O365:

https://login.windows.net/tenant.onmicrosoft.com/federationmetadata/2007-06/federationmetadata.xml

The only thing you will need to make sure is that the said endpoint is enabled (open the AD FS console -> Service -> Endpoints -> look at the bottom) and that your firewalls are not blocking it externally.
0
FLNDEV (Author) commented:
So I understand that no explicit IIS configuration is required?

The endpoint does not work. Attached is the service endpoint info.

My ADFS VM has an xxx.cloudapp.net:port address, whereas the name is xxx.companyname.local. I assume the latter is the prefix for the metadata URL.

Could you help?
2.png
0
Vasil Michev (MVP) commented:
It's the AD FS FQDN. Preferably, this needs to be accessible externally, so use sts.company.com or similar for the DNS record. CNAME records will give you trouble with the SSO experience, however, but you don't really have much choice when it comes to Azure VMs.
0
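The two answers above boil down to three things to verify: the metadata endpoint is enabled on the AD FS server (and published to the proxy), the TLS binding lives in HTTP.SYS rather than IIS on 2012 R2, and the public FQDN resolves and serves a certificate that matches it. The following PowerShell script is an added example that is not part of the original thread; it assumes the placeholder FQDN sts.company.com and uses only the documented AD FS cmdlets (Get-AdfsEndpoint, Enable-AdfsEndpoint, Get-AdfsSslCertificate) plus a client-side fetch that parses the metadata to show the entityID and signing certificates. Run the server section on the AD FS server in an elevated session, and the client section from any machine outside the corp network.

```powershell
# Added example, not from the original thread. Assumed placeholder FQDN below.
param(
    [string]$AdfsFqdn = "sts.company.com"   # ASSUMPTION: replace with your public AD FS FQDN
)

$metadataPath = "/FederationMetadata/2007-06/FederationMetadata.xml"
$metadataUrl  = "https://$AdfsFqdn$metadataPath"

# ---- Server-side check (run on the AD FS server, elevated) ----
# AD FS on 2012 R2 has no IIS dependency: endpoints and the TLS binding are
# owned by the AD FS service and HTTP.SYS, so there is nothing to set up in IIS.
if (Get-Command Get-AdfsEndpoint -ErrorAction SilentlyContinue) {
    $ep = Get-AdfsEndpoint -AddressPath $metadataPath
    if (-not $ep.Enabled) {
        Write-Warning "Metadata endpoint is disabled on the farm; enabling it."
        Enable-AdfsEndpoint -TargetAddressPath $metadataPath
    }
    if (-not $ep.Proxy) {
        # Without proxy publication the Web Application Proxy / external clients cannot reach it.
        Write-Warning "Metadata endpoint is not published to the proxy."
    }
    # Which host name and port the service actually listens on, and with which certificate.
    Get-AdfsSslCertificate | Format-Table HostName, PortNumber, CertificateHash -AutoSize
}

# ---- Client-side check (run from outside the corp network) ----
function Test-AdfsMetadata {
    param([Parameter(Mandatory)][string]$Url)

    $hostName = ([Uri]$Url).Host

    # DNS: the public name must resolve. A records are preferred; a CNAME shows up
    # here as a NameHost entry and is the case the answer warns about for SSO.
    $dns = Resolve-DnsName -Name $hostName -ErrorAction Stop
    $dns | Select-Object Name, Type, IPAddress, NameHost | Format-Table -AutoSize

    # Fetch over HTTPS. Invoke-WebRequest validates the server certificate by default,
    # so a name mismatch or untrusted chain fails here instead of being silently accepted.
    $resp = Invoke-WebRequest -Uri $Url -UseBasicParsing -ErrorAction Stop
    [xml]$md = $resp.Content

    $ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
    $ns.AddNamespace("md", "urn:oasis:names:tc:SAML:2.0:metadata")
    $ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")

    # entityID is the identifier the relying party (ACS) will match on.
    $entityId = $md.SelectSingleNode("/md:EntityDescriptor", $ns).GetAttribute("entityID")

    # Every X509Certificate in the document (token-signing, token-decrypting, and the
    # document signature itself); surfacing expiry catches the common "cert rolled" failure.
    $certs = $md.SelectNodes("//ds:X509Certificate", $ns) | ForEach-Object {
        $bytes = [Convert]::FromBase64String($_.InnerText.Trim())
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
    } | Sort-Object Thumbprint -Unique

    [pscustomobject]@{
        Url        = $Url
        HttpStatus = $resp.StatusCode
        EntityId   = $entityId
        Certs      = $certs | Select-Object Subject, Thumbprint, NotAfter
    }
}

$result = Test-AdfsMetadata -Url $metadataUrl
$result | Format-List
$result.Certs | Format-Table -AutoSize
```

If the server section shows the endpoint enabled but the client section fails at Invoke-WebRequest, the problem is DNS, the firewall/NSG in front of the VM, or a certificate whose subject does not match the public FQDN; if the client fetch succeeds, the same URL is what you paste into ACS as the identity provider metadata.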

FLNDEV (Author) commented:
Please supply any additional resources or links around this.
0
Windows Server 2012