Date post: | 22-Nov-2014 |
Category: | Technology |
Upload: | natallia-makarevich |
Active Directory Federation Services
Active Directory Federation Services (AD FS) is a software component developed by Microsoft that can be installed on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access control authorization model to maintain application security and implement federated identity.
What is a Claim?
A claim is a piece of information that describes a given identity in some aspect. Think of a claim as a name-value pair. Claims are held in an authentication token that may also carry a signature, so you can be sure that the token was not tampered with on its way from the remote machine to your system.
Claims-based authentication
Claims-based authentication is a more general authentication mechanism that allows users to authenticate on external systems, which provide the asking system with claims about the user.
Claims-based authentication
1. The user makes a request to some application.
2. The system redirects the user to the authentication page of an external system (this may also happen after the system lets the user select the external system where he or she wants to log in).
3. After successful authentication, the external system redirects the user back with some information.
4. The application makes a request to the external system to validate the user.
5. If the user is valid, the user gets access to the application.
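The tamper check that a signed claims token makes possible, as an added example that is not part of the original page: the external system signs the claims, and the application verifies the signature, issuer, audience and expiry before granting access. The HMAC-signed JSON format, the key and the issuer and audience values are constructed stand-ins; AD FS itself issues SAML tokens signed with its token-signing certificate.

```python
import base64, hashlib, hmac, json

# Constructed values for illustration only; AD FS issues SAML tokens
# signed with a certificate, not HMAC-signed JSON.
ISSUER_KEY = b"constructed-demo-key"
ISSUER = "https://sts.example.test/"
AUDIENCE = "urn:app:example"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_token(claims: dict, key: bytes = ISSUER_KEY) -> str:
    """External system: serialize the name-value claims and append a signature."""
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)


def validate_token(token: str, now: float, key: bytes = ISSUER_KEY) -> dict:
    """Application: verify the signature first, then the claims themselves."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError as exc:  # wrong part count or bad base64
        raise ValueError("malformed token") from exc
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(body)
    if claims.get("iss") != ISSUER:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired")
    return claims


def tamper(token: str, name: str, value) -> str:
    """Rewrite one claim but keep the old signature (modification in transit)."""
    body_b64, sig_b64 = token.split(".")
    claims = json.loads(base64.urlsafe_b64decode(body_b64))
    claims[name] = value
    return _b64(json.dumps(claims, sort_keys=True).encode()) + "." + sig_b64
```

Checking issuer, audience and expiry after the signature matters because a correctly signed token may still be stale or meant for a different application.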
SharePoint 2013 ADFS Prerequisites
1) Create DNS Entry
2) Create a Service Account
3) Create ADFS Certificate Template
4) Request Certificates
Installing AD FS v2
◦ Download the ADFS 2.0 installation
◦ Right click “AdfsSetup.exe” and “Run as administrator”
◦ Click “Next >” on the “Welcome to the AD FS 2.0 Setup Wizard” screen
◦ Accept the terms of the license and click “Next >”
◦ On the “Server Role” screen select the “Federation server” radio button and click “Next >” to continue
◦ Click “Next >” on the “Install Prerequisite Software” screen
◦ Leave the “Start the AD FS 2.0 Management snap-in when this wizard closes.” checkbox selected and click “Finish” to launch the post installation “AD FS 2.0 Federation Server Configuration Wizard”
Initial Configuration
Click the “AD FS 2.0 Federation Server Configuration Wizard” link
Select the “Create a new Federation Service” radio button and click “Next >”
Select the SSL certificate that was previously created for Service Communications
Specify the ADFS service account and password that were created during the prerequisite phase
AD FS V3? Differences:
AD FS is no longer dependent on IIS. This offers enhanced performance and reduces the footprint of services, especially when AD FS is installed on Active Directory domain controllers.
Remote installation and configuration through Server Manager.
UI support for installing AD FS with SQL Server.
Group Managed Service Account support. This enables AD FS to be run with service accounts without managing expiring service account passwords.
SQL Server merge replication support when deploying AD FS across globally dispersed datacenters.
Note that in Windows Server® 2012 R2, the ‘stand-alone’ mode for AD FS setup has been removed.
Web Application Proxy
Web Application Proxy is a new Remote Access role service in Windows Server® 2012 R2 that provides reverse proxy functionality for corporate web applications and services.
Web Application Proxy also functions as an AD FS proxy.