Implementing AD FS
Module Overview
• Overview of AD FS
• Deploying AD FS
• Implementing AD FS for a single organization
• Implementing Web Application Proxy
• Implementing SSO with Microsoft online services
Lesson 1: Overview of AD FS
Identity federation:
• Enables identification, authentication, and authorization
across organizational and platform boundaries
[Diagram: numbered flow (steps 1 to 9) among External client, Web server, Federation service proxy, Federation server, and AD DS domain controller]
What is Device Registration?
[Diagram: Registered device, Web Application Proxy, AD FS, Domain controller, CA, and Web claims-aware app, with SSO links]
AD FS components:
• Federation server
• Federation server proxy/Web Application Proxy
• Claims
• Claim rules
• Attribute store
• Claims providers
• Relying parties
• Claims provider trust
• Relying party trust
• Certificates
• Endpoints
Prerequisites for an AD FS deployment
AD FS claims
AD FS claim rules
Claims provider trust
Relying party trust
• Demonstration: Configuring claims provider and
relying party trusts
AD FS claims
• AD FS:
• Provides a default set of built-in claims
• Enables the creation of custom claims
• Requires each claim have a unique URI
• Preauthentication types:
• AD FS
• Pass-through
• URLs:
• External
• Internal server
• Certificates
Logon Information
Virtual machines: 20743B-LON-DC1
20743B-LON-SVR1
20743B-LON-SVR2
20743B-LON-SVR3
20743B-LON-CL1
20743B-LON-CL3
User name: Adatum\Administrator
Admin
Password: Pa55w.rd
Estimated Time: 20 minutes
Lab Scenario
• Review Questions