
ADFS

https://mizitechinfo.wordpress.com/2015/01/08/simple-step-install-configure-adfs-in-windows-server-2012-r2/

** Before we proceed, make sure you create a new AD user called adfsService… (A plain domain user is fine for this lab; for production, prefer a group Managed Service Account, since AD rotates its password automatically and it cannot be used for interactive logon.)

4 – On the Specify Service Account interface, click Use an existing domain user account or group Managed Service Account, choose the adfsService user that you created previously, and then click Next…

9 – To verify the AD FS functionality, log in to the Windows 8.1 client PC as an AD user, open IE and type https://adfs.adatum.com/federationmetadata/2007-06/federationmetadata.xml, and then verify that the file loads successfully (without a certificate warning; the AD FS service certificate must chain to AdatumCA on the client)…
4th – Configure a certificate for the application

1 – Now switch to SVR1 server and open Internet Information Services (IIS) Manager and then open Server Certificates…

2 – then click Create Domain Certificate…


3 – In the Create Certificate interface on the Distinguished Name Properties, enter the
following information (please refer to snapshot), and then click Next…

4 – On the Online Certification Authority interface, click Select…


5 – click AdatumCA, and then click OK…

6 – On the Online Certification Authority interface, in the Friendly name box, type Adatum
Apps Certificate, and then click Finish…
7 – In IIS Manager, expand Sites, click Default Web Site, and then click Bindings…

8 – In the Site Bindings interface, click Add…


9 – In the Add Site Binding interface, in the Type box, select https, then in the SSL certificate box, select
Adatum Apps Certificate, and then click OK…
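The same certificate request and HTTPS binding can be done from PowerShell on SVR1. This is an added example, not part of the original lab guide; it assumes the enterprise CA is AdatumCA, that it publishes the default WebServer template, and that the Distinguished Name values below are the ones typed into the wizard (the page's snapshot of those values is not reproduced here).

```powershell
# Added example: PowerShell equivalent of steps 1-9 of this section, run on SVR1
# (lon-svr1.adatum.com) as an administrator. Assumed: CA = AdatumCA, template = WebServer,
# DN values below stand in for the ones shown in the lab's snapshot.
Import-Module WebAdministration

$hostName     = 'lon-svr1.adatum.com'
$friendlyName = 'Adatum Apps Certificate'

# Steps 2-6: request a domain certificate from the online enterprise CA and store it
# in the machine's Personal store, which is where IIS looks for server certificates.
$enroll = Get-Certificate -Template 'WebServer' `
                          -SubjectName "CN=$hostName,O=Adatum,L=London,C=GB" `
                          -DnsName $hostName `
                          -CertStoreLocation 'Cert:\LocalMachine\My'
if ($enroll.Status -ne 'Issued') { throw "Enrollment did not complete: $($enroll.Status)" }
$cert = $enroll.Certificate
$cert.FriendlyName = $friendlyName   # writes the friendly-name property on the stored certificate

# Check before binding: the certificate must chain to a root this server trusts
# (domain members receive AdatumCA's root via Group Policy when the CA is an enterprise CA).
if (-not $cert.Verify()) { throw "Certificate $($cert.Thumbprint) does not chain to a trusted root" }

# Steps 7-9: add the https binding to Default Web Site and attach the certificate to it.
if (-not (Get-WebBinding -Name 'Default Web Site' -Protocol https)) {
    New-WebBinding -Name 'Default Web Site' -Protocol https -Port 443 -IPAddress '*'
}
Push-Location 'IIS:\SslBindings'
if (-not (Test-Path '0.0.0.0!443')) { New-Item '0.0.0.0!443' -Value $cert | Out-Null }
Pop-Location

# Verify what IIS will actually serve on 443, then fetch the site over HTTPS.
Get-ChildItem 'IIS:\SslBindings' | Select-Object IPAddress, Port, Thumbprint
Invoke-WebRequest -Uri "https://$hostName/" -UseBasicParsing | Select-Object StatusCode
```

If `Invoke-WebRequest` fails with a trust error while `$cert.Verify()` passed, the request reached a different certificate than the one you just bound; compare the thumbprint in `IIS:\SslBindings` with `$cert.Thumbprint` before touching the application.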

5th – Configure the Active Directory claims-provider trust

1 – Switch to DC1 server, and open AD FS Management, expand Trust Relationships, and then click Claims Provider Trusts, in the middle pane, right-click Active Directory, and then click Edit Claim Rules…
2 – In the Edit Claims Rules for Active Directory interface, on the Acceptance Transform Rules tab,
click Add Rule…

3 – In the Claim rule template box, select Send LDAP Attributes as Claims, and then click Next…
4 – On the Configure Rule interface, in the Claim rule name box, type Outbound LDAP Rule,
then in the Attribute Store drop-down list, select Active Directory.

** In the Mapping of LDAP attributes to outgoing claim types section, select the following
values and then click Finish:

5 – Then click OK…
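The rule the wizard builds in steps 3-5 is ordinary AD FS claim rule language and can be added with the AD FS cmdlets on DC1 instead. This is an added example, not part of the original lab guide. The lab's list of LDAP attributes is not on the page, so the mapping below (mail to E-Mail Address, userPrincipalName to UPN, Token-Groups qualified by domain name to Group) is an assumption standing in for whatever the lab specified.

```powershell
# Added example: "Send LDAP Attributes as Claims" rule named "Outbound LDAP Rule", appended
# to the Active Directory claims provider trust. The attribute mapping is assumed (see lead-in).
Import-Module ADFS

$ruleName = 'Outbound LDAP Rule'
$ldapRule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "$ruleName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
                   "http://schemas.xmlsoap.org/claims/Group"),
          query = ";mail,userPrincipalName,tokenGroups(domainQualifiedName);{0}",
          param = c.Value);
"@

# -AcceptanceTransformRules replaces the entire rule set, so read the existing rules first.
# The built-in pass-through rules include the windowsaccountname claim this rule consumes;
# dropping them silently breaks every relying party.
$trust    = Get-AdfsClaimsProviderTrust -Name 'Active Directory'
$existing = $trust.AcceptanceTransformRules

if ($existing.Contains("@RuleName = `"$ruleName`"")) {
    Write-Warning "A rule named '$ruleName' already exists; not adding it twice."
} else {
    Set-AdfsClaimsProviderTrust -TargetName 'Active Directory' `
        -AcceptanceTransformRules ($existing.TrimEnd() + "`r`n`r`n" + $ldapRule)
}

# Verify: the rule set now ends with the new rule and still starts with the pass-through rules.
(Get-AdfsClaimsProviderTrust -Name 'Active Directory').AcceptanceTransformRules
```

The `{0}` in the query is filled from `c.Value`, the authenticated account name issued by `AD AUTHORITY`, so the LDAP lookup is keyed on the identity AD FS has already verified, not on anything the relying party or the user supplies.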
6th – Configure the application to trust incoming claims

1 – Switch to SVR1 server, and then open Windows Identity Foundation Federation Utility console…

2 – On the Welcome to the Federation Utility Wizard interface, in the Application
configuration location box, type C:\inetpub\wwwroot\AdatumTestApp\web.config for the
location of the sample web.config file…

** In the Application URI box, type https://lon-svr1.adatum.com/AdatumTestApp/ to indicate the path to the sample application that will trust the incoming claims from the federation server, and then click Next to continue…
3 – On the Security Token Service page, click Use an existing STS, in the STS WS-Federation metadata document location box, type https://adfs.adatum.com/federationmetadata/2007-06/federationmetadata.xml, and then click Next to continue…

4 – On the STS signing certificate chain validation error interface, click Disable certificate chain validation, and then click Next…

** This error appears because the AD FS token-signing certificate is self-signed by default, so SVR1 cannot chain it to a trusted root. Choosing Disable certificate chain validation writes certificateValidationMode="None" into the application's web.config: the signing certificate's thumbprint is still pinned in the trustedIssuers list the utility generates, but its validity period and chain are no longer checked. That is acceptable for this lab; before production use, either import the token-signing certificate into Trusted Root Certification Authorities on SVR1 or issue it from AdatumCA, and keep chain validation enabled.
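The following check serves both the "verify the federation metadata loads" step in the AD FS section and the chain-validation error in step 4 above. It is an added example, not part of the original lab guide: it loads the metadata over HTTPS, extracts every signing certificate AD FS advertises, and builds a chain for each on the local machine. It assumes it is run on SVR1 (the machine that will validate tokens) and uses the lab's metadata URL.

```powershell
# Added example: fetch AD FS federation metadata and report whether each advertised
# signing certificate chains to a root trusted on this machine. Assumed: run on SVR1,
# metadata URL as in the lab.
function Test-AdfsSigningChain {
    param([string]$MetadataUrl = 'https://adfs.adatum.com/federationmetadata/2007-06/federationmetadata.xml')

    # XmlDocument.Load performs the HTTPS GET; the AD FS service certificate is validated on the way,
    # so a trust failure here reproduces what IE would show in the verification step.
    $md = New-Object System.Xml.XmlDocument
    $md.Load($MetadataUrl)

    $ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

    Write-Host "entityID: $($md.DocumentElement.GetAttribute('entityID'))"

    # Signing certificates appear under several role descriptors; dedupe by thumbprint.
    $certNodes = $md.SelectNodes('//md:KeyDescriptor[@use="signing"]//ds:X509Certificate', $ns)
    $seen = @{}
    foreach ($node in $certNodes) {
        $bytes = [Convert]::FromBase64String($node.InnerText.Trim())
        $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
        if ($seen.ContainsKey($cert.Thumbprint)) { continue }
        $seen[$cert.Thumbprint] = $true

        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Revocation endpoints are usually unreachable in an isolated lab; a revocation failure
        # must not be mistaken for the UntrustedRoot condition this check is looking for.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk = $chain.Build($cert)

        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
            ChainOk    = $chainOk
            Status     = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
        }
    }
}

Test-AdfsSigningChain | Format-List
```

With the default AD FS token-signing certificate the output shows `ChainOk : False` and `Status : UntrustedRoot`, which is exactly the condition the Federation Utility reports. To keep validation enabled instead of disabling it, export that certificate on DC1 with `Get-AdfsCertificate -CertificateType Token-Signing`, import it into `Cert:\LocalMachine\Root` on SVR1, and rerun the check; once it reports `ChainOk : True`, the utility no longer needs the chain-validation error dismissed.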
https://blog.auth360.net/2013/09/13/first-impressions-ad-fs-and-windows-server-2012-r2-part-i/
