Join the computer that will become the federation server to a domain in the account partner forest or resource partner forest where it will be used to authenticate the users of that forest or from trusting forests. Name Resolution Requirements for Federation Servers Review information about how to update the corporate network Domain Name System (DNS) so that successful name resolution to federation servers can occur. Therefore, it is recommended that you use a fully qualified domain name (FQDN) such as and only use SSL certificates issued to the FQDN of your Federation Service.Ĭertificate Requirements for Federation Servers Caution: Though it has long been common practice to use certificates with unqualified host names such as these certificates have no security value and can enable an attacker to impersonate the AD FS Federation Service to enterprise clients. Review information about how federation servers use service communication certificates and token-signing certificates to securely authenticate client and federation server proxy requests. Review the Role of the Federation Server in the Resource Partner Review the Role of the Federation Server in the Account Partner Review information in the AD FS Design Guide about where to place federation servers in your organizationĭetermine whether a stand-alone federation server or a federation server farm is better for your deployment.ĭetermine whether this new federation server will be created in the account partner organization or in the resource partner organization. Review AD FS capacity planning guidance to determine the proper number of federation servers you should use in your production environment. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.Ĭhecklist: Setting up a federation server Taskīefore you begin deploying your AD FS federation servers, review the 1.) advantages and disadvantages of choosing either Windows Internal Database (WID) or SQL Server to store the AD FS configuration database 2.) AD FS deployment topology types and their associated server placement and network layout recommendations. Complete the tasks in this checklist in order.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |