In this article, I propose to explore the AD FS and Proxy (WAF) roles. As part of my preparation for the 70-742 certification, I set about building a mock-up infrastructure.
What's this?
ADFS and its accompanying proxy make several things possible:
- An SSO system (for compatible applications) that allows single sign-on
- Security, by handling authentication before the application is reached
- Cross-domain trust through ADFS proxy communication (different from a domain trust within Active Directory).
This tutorial uses the following machines:
- LAB-AD1 : AD / DHCP / DNS / IIS
- LAB-ADFS : ADFS
- LAB-ADFS-PROXY : Proxy WAF (normally placed in a DMZ)
- A client
- Generate a certificate for the HTTPS binding of the ADFS services (fs.lab.intra) and install it on the ADFS server in the personal store.
- Generate a certificate for the HTTPS binding of the test site (*.lab.intra) and install it on the IIS server in the personal store.
To avoid an SSL error, install the certificate in the Trusted Root Certification Authorities store on the servers.
I used the AD1 server to host a test web page. On the client, the federation URL must point to the proxy.
To generate the certificates, I used itisscg. I am making it available to you because the publisher's website is no longer available.
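The two certificate steps and the trusted-root step above can also be done with the built-in PowerShell PKI cmdlets instead of a third-party generator. This is an added example, not the author's procedure. The folder `C:\Certs`, the helper name `New-LabCertificate` and the two-year lifetime are assumptions, and a self-signed certificate placed in the root store is suitable for a lab like this one only.

```powershell
# Added example: run in an elevated PowerShell session on LAB-ADFS and LAB-AD1.
# C:\Certs, New-LabCertificate and the 2-year validity are assumptions, not from the article.
$outDir = 'C:\Certs'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

function New-LabCertificate {
    param(
        [Parameter(Mandatory)] [string] $DnsName,  # fs.lab.intra or *.lab.intra
        [Parameter(Mandatory)] [string] $CerPath   # destination of the public part
    )
    # Self-signed server certificate, created directly in the machine's personal store.
    $cert = New-SelfSignedCertificate -DnsName $DnsName `
        -CertStoreLocation 'Cert:\LocalMachine\My' `
        -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
        -NotAfter (Get-Date).AddYears(2)
    # Export the public certificate only (no private key) for the trust stores.
    Export-Certificate -Cert $cert -FilePath $CerPath | Out-Null
    return $cert
}

# Create the certificate that belongs to the server the script is running on.
switch ($env:COMPUTERNAME) {
    'LAB-ADFS' { New-LabCertificate -DnsName 'fs.lab.intra' -CerPath "$outDir\fs.lab.intra.cer" }
    'LAB-AD1'  { New-LabCertificate -DnsName '*.lab.intra'  -CerPath "$outDir\wildcard.lab.intra.cer" }
    default    { Write-Warning "No certificate is generated on $env:COMPUTERNAME." }
}

# After copying every .cer file into C:\Certs on a server, trust them there.
Get-ChildItem -Path $outDir -Filter '*.cer' | ForEach-Object {
    Import-Certificate -FilePath $_.FullName -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
}

# Check: list the lab certificates now present in the personal and root stores.
# A thumbprint in Root that matches the one in My means the HTTPS binding will chain cleanly.
foreach ($store in 'My', 'Root') {
    Get-ChildItem -Path "Cert:\LocalMachine\$store" |
        Where-Object { $_.Subject -like '*lab.intra*' } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Thumbprint, NotAfter, HasPrivateKey
}
```

In the final listing, only the entry in the personal store of the issuing server should show `HasPrivateKey` as `True`; the root-store copies carry the public certificate alone.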