Checklist: Installing an ADFS-enabled Web server
Applies To: Windows Server 2003 R2
This checklist includes the deployment tasks for preparing a server running Windows Server 2003 R2, Standard Edition, or Windows Server 2003 R2, Enterprise Edition, for the Active Directory Federation Services (ADFS)-enabled Web server role.
Note: Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.
Task | Reference
---|---
Review information in the ADFS Design Guide about where to place ADFS-enabled Web servers in your organization. |
Use the information in the ADFS Design Guide to determine whether a single ADFS-enabled Web server or a Web server farm is appropriate for your deployment. |
Review information in the ADFS Design Guide about how ADFS-enabled Web servers require server authentication certificates to authorize client requests securely. |
Review information in the ADFS Design Guide about how to update the perimeter network Domain Name System (DNS) so that successful name resolution between clients and ADFS-enabled Web servers in farms can occur. |
Join the computer that will become the ADFS-enabled Web server to a domain in the resource partner forest where it will be used to authorize federated clients. |
Create a new resource record in the perimeter network DNS that points the DNS host name of the ADFS-enabled Web server to the IP address of the ADFS-enabled Web server. | Add a host (A) record to perimeter DNS for an ADFS-enabled Web server
Install prerequisite applications such as ASP.NET, Internet Information Services (IIS), and Microsoft .NET Framework 2.0 on the computer that will become the ADFS-enabled Web server. |
After you obtain a server authentication certificate (or a private key), install it in IIS on the appropriate Web site or virtual directory where your federated application will reside. For an example of how to do this using the default Web site, see the link in the Reference column. Note: If you will be adding an ADFS-enabled Web server to an existing ADFS-enabled Web server farm, you must add the same server authentication certificate that you receive from the certification authority (CA) to the appropriate Web site or virtual directory where your federated application will reside on each of the servers that will be participating in the farm. | Import a server authentication certificate to the default Web site
(Optional) In a scenario in which you want to install the Federation Service on your ADFS-enabled Web server so that the same server will play both the ADFS-enabled Web server role and the federation server role, configure certificates in the following way: | N/A
(Optional) As an alternative to obtaining a server authentication certificate from a CA, you can use the SelfSSL.exe tool to create a self-signed certificate for your ADFS-enabled Web server. Because the SelfSSL tool generates a self-signed certificate that does not originate from a trusted source, use the SelfSSL tool only in the following scenarios: Warning: It is not a security best practice to deploy an ADFS-enabled Web server in a production environment using a self-signed server authentication certificate. | Internet Information Services (IIS) 6.0 Resource Kit Tools (https://go.microsoft.com/fwlink/?LinkId=36285)
Install the ADFS Web Agent component on the computer that will become the ADFS-enabled Web server. |
Install and configure a claims-aware application or a Windows NT token–based application on your new ADFS-enabled Web server. |
From a client computer, verify that the ADFS-enabled Web server is operational. |
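The final task, verifying the server from a client computer, can be scripted so that it also checks the points this checklist raises about perimeter DNS and the server authentication certificate. The script below is an added example, not part of the Microsoft checklist or any ADFS tool; it assumes the Web servers listen on port 443, and the host names in `FARM` are constructed placeholders.

```python
"""Client-side check for an ADFS-enabled Web server (added example, not from the
Microsoft checklist): the perimeter-DNS name resolves, the server authentication
certificate is trusted, matches the name and is not expiring, and farm members agree."""
import socket
import ssl
import time

FARM = ["fs-web1.example.com", "fs-web2.example.com"]  # constructed placeholder names

def name_matches(pattern, host):
    """Case-insensitive DNS name match; a leading '*.' covers exactly one label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host

def cert_issues(cert, expected_host, now=None, warn_days=30):
    """Problems with a certificate dict as returned by SSLSocket.getpeercert()."""
    now = time.time() if now is None else now
    issues = []
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    # Clients connect by the perimeter-DNS name, so it must be in the SAN (or the CN).
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    names = names or [subject.get("commonName", "")]
    if not any(name_matches(n, expected_host) for n in names):
        issues.append(f"name mismatch: {expected_host} not in {names}")
    if issuer == subject:  # SelfSSL.exe-style self-signed certificate
        issues.append("self-signed certificate: not acceptable for production")
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < 0:
        issues.append("certificate has expired")
    elif days_left < warn_days:
        issues.append(f"certificate expires in {int(days_left)} days")
    return issues

def check_server(host, port=443):
    """Verified TLS handshake (client CA store, name check); returns a list of problems."""
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
                return cert_issues(tls.getpeercert(), host)
    except socket.gaierror:
        return [f"{host} does not resolve: check the perimeter DNS host (A) record"]
    except ssl.SSLCertVerificationError as e:
        return [f"certificate not trusted by this client: {e.verify_message}"]

def farm_consistent(certs):
    """True when every farm member presents the same certificate (issuer + serial)."""
    return len({(c.get("issuer"), c.get("serialNumber")) for c in certs}) == 1
```

Call `check_server()` for each name in `FARM`; an empty list means that member passed. To apply `farm_consistent()`, collect `getpeercert()` from each member and pass the dicts in together.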