A Practical Guide to SharePoint 2013 - Book by Saifullah Shafiq

Tuesday, November 22, 2011

SharePoint 2010 and AD FS–Part 2

In the first part of this series we looked at the problem we were trying to solve by using these products together. In this part we are going to look at the setup and configuration of the AD FS server.

AD FS Service Account

When you install AD FS 2.0 you can choose between a single-server AD FS deployment and an AD FS farm (to which you can add servers later). It’s a good idea to configure a farm even if you’re only going to run a single server, because it gives you the flexibility to add servers later should you need them. The only difference when configuring a farm is that you’ll need an AD service account with an SPN registered on it, that’s all!

So in this step we’ll create the service account and register the SPN.

· Open Active Directory Users and Computers and create a user (in this example AdfsSvc)

There are two possible ways to add the SPN to the user:

· Command line: setspn -a host/logon.example.com AdfsSvc

· GUI: enable the Advanced Features view in Active Directory Users and Computers. Right-click the service account, select the Attribute Editor tab, scroll to servicePrincipalName and click Edit. Add the SPN host/logon.example.com
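The same two steps (create the account, register the SPN) can be scripted with the ActiveDirectory PowerShell module. The script below is an added example and not part of the original post; it takes the account name AdfsSvc and the SPN host/logon.example.com from the post, while the OU path and domain name are placeholders you would replace. It also adds the check a practitioner would want before registering an SPN: if the same SPN is already held by another account, Kerberos authentication to the service breaks, so the script refuses to continue and scans for duplicates afterwards.

```powershell
# Added example (not from the original post): create the AD FS service account and
# register its SPN with PowerShell instead of the GUI.
# Assumptions: run as a domain admin on a machine with RSAT installed; the domain is
# example.com and the OU below is a placeholder. The account name (AdfsSvc) and the
# SPN (host/logon.example.com) are the values used in the post.
Import-Module ActiveDirectory

$svcName = 'AdfsSvc'
$spn     = 'host/logon.example.com'
$ouPath  = 'OU=ServiceAccounts,DC=example,DC=com'   # placeholder OU, adjust for your domain

# 1. Refuse to continue if the SPN is already registered anywhere in the forest.
#    An SPN held by two accounts breaks Kerberos for that service (clients either fail
#    or fall back to NTLM), so check first. setspn -Q prints "Existing SPN found!"
#    together with the owning object when the SPN is already in use.
$existing = & setspn.exe -Q $spn
if ($existing -match 'Existing SPN found') {
    throw "SPN $spn is already registered:`n$($existing -join "`n")"
}

# 2. Create the service account. The password is prompted for so it is never stored
#    in the script. PasswordNeverExpires is typical for an AD FS farm account because
#    the farm stops working when the account password expires (assumption, set to taste).
$password = Read-Host -AsSecureString -Prompt "Password for $svcName"
New-ADUser -Name $svcName `
           -SamAccountName $svcName `
           -UserPrincipalName "$svcName@example.com" `
           -Path $ouPath `
           -AccountPassword $password `
           -Enabled $true `
           -PasswordNeverExpires $true `
           -CannotChangePassword $true `
           -Description 'AD FS 2.0 farm service account'

# 3. Register the SPN on the account. This is the PowerShell equivalent of
#    "setspn -a host/logon.example.com AdfsSvc" from the post.
Set-ADUser -Identity $svcName -ServicePrincipalNames @{Add = $spn}

# 4. Verify: read the attribute back, then ask setspn to report any duplicate SPNs
#    in the forest (the -X report should list none).
$acct = Get-ADUser -Identity $svcName -Properties ServicePrincipalName
if ($acct.ServicePrincipalName -notcontains $spn) {
    throw "SPN $spn was not written to $svcName"
}
"SPNs registered on ${svcName}:"
$acct.ServicePrincipalName
& setspn.exe -X
```

Run the script once from an elevated PowerShell session on a domain-joined administration workstation; the final `setspn -X` output is worth keeping with your build notes, since duplicate SPNs are the most common reason an AD FS farm later fails Kerberos authentication while still appearing to be configured correctly.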

AD FS 2.0 Installation

· Log on to the server that will function as the Federation Server. Download AD FS 2.0 RTW and start the installation by running AdfsSetup.exe. Choose Federation Server.

· The installation wizard will also install some additional features (.NET Framework, IIS). Once installation is complete the AD FS 2.0 console will open. Do not run the configuration wizard yet.

