Active Directory Federation Service (ADFS) is a component of Active Directory released as part of Windows Server 2003 R2. ADFS v1 can be used in various B2B/B2E/B2C Web Single Sign On and Identity Federation scenarios.
- Enable Federated SSO between organizations
- Enable Extranet SSO within the same corporate environment
- Support either password and client cert/smart card logon
- AD and ADAM intergration
- Easy installation (ADFS-A, ADFS-R, ADFS-Proxy, ADSF-Web Agent)
- NT Token based and Claims based web app support only
- Requires Windows Server R2 and ADFS web agent installation on IIS web server
- Everyone with machine join rights can setup ADFS Account server and Resource server (corporate may lose controll without security policy)
- No CardSpace support
8 out of 10
(0-2: fail to work, 3-5: work in demo/test environment, 6-8: work in production environment, 9-10: excellent quality, great value, highly recommended)
ADFS v2, to be released in Longhorn Server timeframe, will add support for:
- Rich client web service apps
- Windows CardSpace
- Others (undecided yet, such as manageability, SAML 2.0 support, brokered authentication ...)
Could you please help me out in deploying ADFS structure?I am new in this field.I have successfully deployed adfs infra given in the step by step guide.
Now i need to seperate the DC and ADFS server on different boxes in both sides.
What changes i need to do?
Please guide me.
You suggest you do it in a test environment before production deployment. It is good to seperate DC and ADFS for production deployment.
In test environment, it really doesn't matter and you can note down config settings, uninstall ADFS from DCs and re-install on other R2 servers.
If this is your production environment, you have to communicate downtime to users first, then follow steps you did in test. Keep Microsoft PSS support number handy and good luck!