Checklist: Installing a Federation Server
Applies To: Windows Server 2008
This checklist includes the deployment tasks that are necessary to prepare a server running Windows Server 2008 Enterprise for the Active Directory Federation Services (AD FS) federation server role.
Note
Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.
Checklist: Installing a federation server
Task | Reference |
---|---|
Review important changes to AD FS since the Windows Server 2003 R2 release, including an improved installation process. | What's New in AD FS in Windows Server 2008 (https://go.microsoft.com/fwlink/?LinkId=85684) |
Review information in the Active Directory Federation Services Design Guide about where to place federation servers in your organization. | |
Use the information in the Active Directory Federation Services Design Guide to determine whether a single federation server or federation server farm is preferred for your deployment. | |
Use the information in the Active Directory Federation Services Design Guide to determine whether this new federation server will be created in the account partner organization or the resource partner organization. | Review the Role of the Federation Server in the Account Partner Organization; Review the Role of the Federation Server in the Resource Partner Organization |
Review information in the Active Directory Federation Services Design Guide about how federation servers use server authentication certificates and token-signing certificates to securely authenticate client and federation server proxy requests. | |
Review information in the Active Directory Federation Services Design Guide about how to update the corporate network Domain Name System (DNS) so that successful name resolution to federation servers can occur. | |
Join the computer that will become the federation server to a domain in the account partner forest or resource partner forest where it will be used to authenticate the users of that forest or from trusting forests. | |
Create a new resource record in the corporate network DNS that points the DNS host name of the federation server to the IP address of the federation server. | Add a Host (A) Resource Record to Corporate DNS for a Federation Server |
Install prerequisite applications such as ASP.NET, Internet Information Services (IIS) and Microsoft .NET Framework 2.0 on the computer that will become the federation server. | |
Secure IIS using a server authentication certificate, and configure AD FS with a token-signing certificate. | |
Install the Federation Service role service on the computer that will become the federation server. Follow this procedure when you want either to create the first federation server in a new farm or to extend an existing farm. Note: For the Federated Web Single Sign-On (SSO) and Federated Web SSO with Forest Trust scenarios, you must have at least one federation server in the account partner organization and at least one federation server in the resource partner organization. | |
If this is the first federation server in your organization, configure the trust policy so that it conforms to your AD FS design. | |
From a client computer, verify that the federation server is operational. | |