Checklist: Installing a Claims-Aware Application
Applies To: Windows Server 2008
This checklist includes the deployment tasks for preparing an Active Directory Federation Services (AD FS)–enabled Web server running Windows Server 2008 Standard or Windows Server 2008 Enterprise for installation of a claims-aware application.
Important
Make sure that you have set up your AD FS-enabled Web server using the guidance in Checklist: Installing an AD FS-Enabled Web Server before you proceed with the tasks in this checklist.
Note
Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.
.gif)
Checklist: Installing a claims-aware application
| Task | Reference | |||
|---|---|---|---|---|
.gif) |
Review important changes to AD FS since the Windows Server 2003 R2 release, including improved application support. |
|
||
|
Review information in the Active Directory Federation Services Design Guide about the role that AD FS Web Agents play in deploying federated applications. |
|||
|
Review the information in the Active Directory Federation Services Design Guide to understand important concepts that are relevant to designing and deploying federated claims-aware applications. |
|||
|
Review information in the Active Directory Federation Services Design Guide to determine whether to use public key infrastructure (PKI) or Service Principal Name (SPN) for the security token protection method. |
|||
|
Review information in the Active Directory Federation Services Design Guide about the benefits of using Authorization Manager to make administration easier by using role-based access control methods. |
|||
|
Using Internet Information Services (IIS), configure your claims-aware application to enable anonymous access and to use Microsoft ASP.NET 2.0. |
|||
|
Edit the Web.config file for a claims-aware application so that it can use the claims-aware agent. |
|||
|
Use the Add Application Wizard in the Active Directory Federation Services snap-in to add a new claims-aware application entry to the Federation Service.
|
|
||
|
Enable any claims that you want to be sent to the application for authorization purposes. Note Before you begin this task, first install the appropriate claims in the resource partner organization.
|
|
||
|
(Optional) If your application requires them, you can choose authentication method restrictions for your claims-aware application. By default, an application accepts any authentication method that is provided to it. |
|
||
|
(Optional) If your application requires it, you can have the resource federation server sign security tokens using Kerberos or PKI signing schemes. The default token-signing scheme is set to PKI. |
|
||
|
To ensure the likelihood of successfully tracking down issues that may occur with your claims-aware application, configure event logging. |
|||
|
From a client computer, verify that the claims-aware application can be accessed using Integrated Windows authentication, and verify that anonymous access is enabled. |
.gif)
What's New in AD FS in Windows Server 2008 (.gif)
.gif)
Note