ADFS Overview


Prerequisites

ADFS was first introduced in Windows Server 2003 R2 Enterprise Edition, which uses ADFS V1.

To use the latest version of ADFS (V2), you need to be running Windows Server 2008 SP2 or Windows Server 2008 R2 (this also includes Server 2012).

ADFS 2.0 does not require a particular operating system level, and neither version requires a particular domain functional level or forest functional level for the AD domain controllers used for authentication.

The Federation Service components consist of:

  • The Federation Server (FS)
  • The Federation Server Proxy (FSP)
  • The AD FS web agent (AD FS V1 only)

Networking Requirements

TCP/IP Connectivity –

Federation servers (FS) in ADFS do not need to talk directly to each other for applications using the passive requester profile.

Federation servers communicate directly when using WS-Trust, and optionally during metadata exchange.

ADFS and DNS –

Federation Server Proxy (FSP) servers should use the same host name as the federation server they are protecting.

Depending on the solution required, a split DNS configuration may be necessary.

ADFS requires the deployment of a solid TCP/IP network and DNS name resolution for a successful implementation.
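The split DNS layout described above can be checked mechanically. The following is an added example, not code from the original post: it assumes the common design in which the shared host name resolves to the federation server on the internal view and to the proxy on the external view. The name fs.example.com, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample zone fragments: one service name published in two DNS views.
INTERNAL_VIEW = "fs.example.com.  3600 IN A 10.0.10.20   ; federation server\n"
EXTERNAL_VIEW = "fs.example.com.  3600 IN A 203.0.113.20 ; federation server proxy\n"


def parse_a_records(zone_text):
    """Return {host name: set of addresses} for the A records in a zone fragment."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 5 and fields[2].upper() == "IN" and fields[3].upper() == "A":
            name = fields[0].lower().rstrip(".")
            records.setdefault(name, set()).add(ipaddress.ip_address(fields[4]))
    return records


def audit_split_dns(service_name, internal_zone, external_zone, fs_ips, fsp_ips):
    """Return a list of findings; an empty list means both views match the design."""
    name = service_name.lower().rstrip(".")
    fs = {ipaddress.ip_address(ip) for ip in fs_ips}
    fsp = {ipaddress.ip_address(ip) for ip in fsp_ips}
    internal = parse_a_records(internal_zone).get(name, set())
    external = parse_a_records(external_zone).get(name, set())
    findings = []
    if not internal:
        findings.append("internal view: no A record for the service name")
    if not external:
        findings.append("external view: no A record for the service name")
    for ip in sorted(internal - fs, key=str):
        findings.append(f"internal view: {ip} is not a known federation server")
    for ip in sorted(external - fsp, key=str):
        findings.append(f"external view: {ip} is not a known proxy")
    for ip in sorted(external & fs, key=str):
        findings.append(f"external view: {ip} publishes the federation server directly")
    return findings


if __name__ == "__main__":
    result = audit_split_dns("fs.example.com", INTERNAL_VIEW, EXTERNAL_VIEW,
                             fs_ips=["10.0.10.20"], fsp_ips=["203.0.113.20"])
    print(result or "split DNS layout matches the design")
```
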

Directory Services and AD FS

AD FS is a technology that allows one location/company/party holding user accounts to project these identities to another party that hosts resources. To do this, authentication is required somewhere along the line, and ADFS can use AD and ADLDS to accomplish this. ADFS uses Kerberos to authenticate with AD, and an LDAP call when communicating with AD’s younger brother, ADLDS. This call can be secured with SSL, but that is not a requirement.

In both versions of ADFS (v1 and v2), federation servers must be joined to an AD domain. However, a Federation Server Proxy (FSP) does not need to be joined to a domain; as a best practice, it is recommended that it is not domain-joined and instead runs in a workgroup.

About Stephen Pothecary
IT Professional and Cloud Evangelist! IT Manager at Comms Group UK Ltd - Managed Services | Solutions | Procurement | Support Services | Cloud | Fujitsu!
