ADFS: Installation and Configuration

Intro

In this article, I propose to discover the AD FS and Proxy (WAF) roles. As part of the preparation for the 70-742 certification, I embarked on the mock-up of an infra.

What’s this ?

ADFS and the proxy that accompanies it can put several things in place:

  • An SSO system (for compatible applications) that allows single sign-on
  • Security by managing authentication before application
  • Cross-domain trust through ADFS proxy communication (different from domain trust within the active directory).

Prerequisites

For the realization of this tutorial here are the machines used:

  • LAB-AD1 : AD / DHCP / DNS / IIS
  • LAB-ADFS : ADFS
  • LAB-ADFS-PROXY : Proxy WAF(normally to be placed in DMZ)
  • A client
  • Generate a certificate for HTTPS binding with ADFS services (fs.lab.intra) and install it on the ADFS server in the personal store.
  • Generate a certificate for the HTTPS link for the test site (* .lab.intra) and install it on the IIS server in the personal store.

I used the AD1 server to have a test web page. On the client to run the federation url must point to the proxy.


How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

We are sorry that this post was not useful for you!

Let us improve this post!



Related Posts


Network share: enable enumeration based on access EBA
Introduction The access-based enumeration allows to display in a network share, only folders and files whose use has at least a right of reading. Other documents and folders will be hidden. Enabling this feature will increase the CPU resource consump

Sophos XG: installation on Hyper-V
In this tutorial, we will have how to install a Sophos XG firewall on a virtual machine with Hyper-V. For this article, I used the Sophos XG home version which is available for free. Prerequisites Download the ISO firewall on the site sophos and reco

Setting up a read-only domain controller – RODC
Introduction In this article, we are going to have how to set up a read-only domain controller (RODC). This type of controller, as the name suggests, is read-only, so it can not change user attributes or even add objects. There are several implementa

Leave a Comment