ADFS

Single Sign-On access to systems and applications located across organizational boundaries

ADFS - Directory Services

Active Directory Federation Services (ADFS) is a software component developed by Microsoft that can be installed on Windows Server operating systems to provide users with Single Sign-On access to systems and applications located across organizational boundaries. It uses a claims-based access control authorization model to maintain application security and implement federated identity.

ADFS as a relying party

Let us take an example to show you how to implement ADFS for Xecurify Windows Single Sign On

  • Installing Active Directory

  • Login to Windows Azure VM
  • Open the Server Manager from the task bar.
  • From Server Manager Dashboard select Add roles and features. This will launch the Roles and Features Wizard allowing for modifications to be performed on the Windows Server 2012 instance


  • Select Role-based or features-based installation from the Installation Type screen and click Next.
    Note: Roles are the major feature sets of the server, such as IIS, and features provide additional functionality for a given role.



  • The current server is selected by default. Click Next to proceed to the Server Roles tab.


  • From the Server Roles page place a check mark in the box next to Active Directory Domain Services. A notice will appear explaining additional roles services or features are also required to install domain services, click Add Features.
    Note: There are other options including, Certificate services, federation services, lightweight directory services and rights management. Domain Services is the glue that holds this all together and needs to be installed prior to these other services.


  • Review and select optional features to install during the AD DS installation by placing a check in the box next to any desired features; Once done click Next.


  • Review the information on the AD DS tab and click Next.


  • Review the installation and click Install.
    Note: The installation progress will be displayed on the screen. Once installed the AD DS role will be displayed on the 'Server Manager' landing page.


  • Configuring Active Directory

  • Open the Server Manager from the task bar.
  • Open the Notifications Pane by selecting the Notifications icon from the top of the Server Manager. From the notification regarding configuring AD DS click Promote this server to a domain controller


  • From the Deployment Configuration tab select Add a new forest from the radial options menu. Insert your root domain name into the Root domain name field.


  • Review and select a Domain and Forest functional level. Once selected fill in a DSRM password in the provided password fields. The DSRM password is used when booting the Domain Controller into recovery mode.


  • Review the warning on the DNS Options tab and select Next.


  • Confirm or enter a NetBIOS name and click Next.


  • Configure the location of the SYSVOL, Log files, and Database folders and click Next.


  • Review the configuration options and click Next.


  • The system will check to ensure all necessary prerequistes are installed on the system prior to moving forward. If the system passes these checks you will proceed by clicking Install.
    Note: The server will automatically be rebooted once the installation completes.


  • Once reboot is complete, the Active Directory is setup and configured.
  • Set up ADFS

  • After starting up server manager, Add Roles and Features wizard, select Active Directory Federation Services, then click Next.


  • We require only .NET 4.5 Features. Select these adn click on Next




  • Clicking next will then install the necessary bits.




  • Installation is complete. You can launch the ADFS configuration wizard from here, or alternatively if this window is closed it can be launched from server manager.


  • In the ADFS Configuration Wizards, you are given an option to either make a new ADFS farm or add to an existing farm. Select to create a new ADFS farm


  • Provide your Active Directory Domain admin credentials.


  • Select the SSL Certificate that you downloaded from Xecurify Admin Console Policy Page and provide the Federation Service Display Name


  • Select the database configuration


  • Review the options and click Next


  • The ADFS pre-requisite checks are done, and we can proceed to the configuration




  • ADFS Setup is now complete