STEP 5: FS - Configuring the Federation Servers (Resource domain)
To set up the Federarion Services in a resource domain, you need to perform four steps: trust policy, group claim, the infamous account store configuration & configuring the claims-aware application.
A) Trust policy configuration
1. Setting up Federation Services (FS) in a Windows 2008 (WS08) environment: Part 4: Configuring the FS server in the Account domain
B) Creating the group claim for the claims-aware application
1. Setting up Federation Services (FS) in a Windows 2008 (WS08) environment: Part 4: Configuring the FS server in the Account domain
C) Creating the AD DS account store
1. Setting up Federation Services (FS) in a Windows 2008 (WS08) environment: Part 4: Configuring the FS server in the Account domain
D) Configuring a claims-aware application
Here it starts getting different. Since we don't have the security group in this domain, we can't simply add it here. Instead, we add a claims-aware application:
1. Open Active Directory Federation Services and browse to Trust Policy --> My Organization and right click Applications to add a new Application.
2. In the Wizard, choose Claims-aware application, then enter a name and in the URL point to the application you created earlier.
3. Select User principal name (UPN) as a Accepted Identity Claim and Enable the application.
Federation Services setup posts:
1. Setting up Federation Services (FS) in a Windows 2008 (WS08) environment: Part 1: Overview and installation
2. Setting up Federation Services (FS) in a Windows 2008 (WS08) environment: Part 2: Configure IIS to use SSL on the FS servers
3. Setting up Federation Services (FS) in a Windows 2008 (WS08) environment: Part 3: Configure the FS certificates
4. Setting up Federation Services (FS) in a Windows 2008 (WS08) environment: Part 4: Configuring the FS server in the Account domain
6. Setting up Federation Services (FS) in a Windows 2008 (WS08) environment: Part 6: Creating the federation trust on both sides
No comments:
Post a Comment