Thursday, November 27, 2008

Setting up Federation Services (FS) in a Windows 2008 (WS08) environment: Part 2: Configure IIS to use SSL on the FS servers

In my previous post, I explained my Federation Services setup and installed the FS roles on the servers in both domains.
Now, we'll configure IIS to use SSL on the FS servers.

STEP 2: FS - Configuring IIS on the web server (Resource domain)
A) Require SSL on both FS servers
1. on the web server open the IIS console
2. go to the Default Web Site and locate the SSL settings.
3. choose Require SSL and for the client certificates choose Accept.

B) Certificate configuration of the IIS
1. open the IIS manager and browse to the Default Web Site.
2. Add a site binding in the Site Bindings action pane
3. Choose HTTPS as type and browse to the certificate you created earlier for the FS
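
The same settings as steps A and B, scripted so they can be applied identically on both FS servers and read back afterwards. This is an added example, not part of the original post; it assumes the default appcmd.exe location and HTTPS on port 443 on all addresses, and it uses a placeholder for the certificate thumbprint.

```powershell
# Added example, not from the original post. Run elevated on each FS server.
$appcmd = "$env:windir\system32\inetsrv\appcmd.exe"
$site   = 'Default Web Site'
$ipport = '0.0.0.0:443'    # assumption: HTTPS on all addresses, port 443

# Placeholder: thumbprint of the certificate created earlier for the FS.
# List candidates with: Get-ChildItem cert:\LocalMachine\My
$thumbprint = '<FS-CERTIFICATE-THUMBPRINT>'

# Stop early if the certificate is missing or has no private key.
$cert = Get-ChildItem cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) { throw "Certificate $thumbprint not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key' }

# Step B: add the HTTPS site binding if it is not there yet.
$bindings = & $appcmd list site $site /text:bindings | Out-String
if ($bindings -notmatch 'https/\*:443:') {
    & $appcmd set site "/site.name:$site" `
        "/+bindings.[protocol='https',bindingInformation='*:443:']"
}

# Step B: attach the certificate to the HTTP.SYS listener for that binding.
# An existing binding is left alone; compare its hash in the output below.
& netsh http show sslcert "ipport=$ipport" | Out-Null
if ($LASTEXITCODE -ne 0) {
    # Any GUID works as appid; this one is generated for the example.
    $appId = '{' + [guid]::NewGuid().ToString() + '}'
    & netsh http add sslcert "ipport=$ipport" "certhash=$thumbprint" "appid=$appId"
}

# Step A: Require SSL, client certificates = Accept. Done last so the site
# is never left requiring SSL without a working HTTPS binding.
& $appcmd set config $site /section:access `
    "/sslFlags:Ssl, SslNegotiateCert" /commit:apphost

# Read the settings back and fail loudly if they did not stick.
$access = & $appcmd list config $site /section:access | Out-String
if ($access -notmatch '\bSsl\b' -or $access -notmatch '\bSslNegotiateCert\b') {
    throw "sslFlags not applied on '$site': $access"
}
& netsh http show sslcert "ipport=$ipport"
```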

C) FS Web Agent
Next, we need to install the FS Web Agent, which makes your web server "claims aware".
1. open the Server Manager and go to the Active Directory Federation Services role,
2. here click Add Role Services and add the Claims-aware Agent. (If you have a separate web server (and for production I hope you do), you do the same, but of course you go in via Add Roles.)

D) Creating a claims-aware application
Last in this post, we'll create a small default application as an example.
1. open the IIS manager and browse to the Default Web Site, right click it and choose Add Application.

2. choose an application name and select Classic .NET AppPool in the drop-down menu
3. point to the C:\Inetpub\wwwroot folder and create a separate folder (do not use capitals for creating this folder)
4. Create the three files that make up the sample claims-aware application by using the procedures in Creating the Sample Claims-Aware Application.

That's it for this post. In the next post, we'll handle our certificates (creating, exporting and importing).


Federation Services setup posts:
1. Setting up Federation Services (FS) in a Windows 2008 (WS08) environment: Part 1: Overview and installation
3. Setting up Federation Services (FS) in a Windows 2008 (WS08) environment: Part 3: Configure the FS certificates
4. Setting up Federation Services (FS) in a Windows 2008 (WS08) environment: Part 4: Configuring the FS server in the Account domain
5. Setting up Federation Services (FS) in a Windows 2008 (WS08) environment: Part 5: Configuring the FS server in the Resource domain
6. Setting up Federation Services (FS) in a Windows 2008 (WS08) environment: Part 6: Creating the federation trust on both sides
