Office 365 Hybrid Deployment (Part II ) – Installing and Configuring Active Directory Federation Services

In this Part 2, we will continue where we left off in Part 1. That is, we will install and configure Active Directory Federation Services (ADFS) 2.0 on the ADFS server.
After we have configured the servers, we will verify that they work as expected.

Create a new ADFS certificate

In my case scenario, I will create a Domain Certificate for ADFS.
In order to create a Domain Certificate, follow the steps below:

a. On DC (Domain Controller), click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

b. In the navigation pane, click Name of the DC (domain\Administrator).

c. In the results pane, under IIS, double-click Server Certificates.

d. In the actions pane, click Create Domain Certificate (the local domain certification authority will be used for this certificate).

e. In the Create Certificate window, on the Distinguished Name Properties page, in the Common name box, type sts.yourchilddomainname (for example: sts.onprem.contoso.com).

f. Type your information in the Organization, Organization Unit, City/locality, and State/province boxes, and then click Next.

g. On the Online Certification Authority page, under Specify Online Certification Authority, click Select.

h. In the Select Certification Authority window, click your Certification Authority (onprem-DC1-CA) and then click OK.

i. On the Online Certification Authority page, in the Friendly name box, type sts.yourchilddomainname.

j. Click Finish.

Assign the certificate to the Default Website in IIS

Since all client authentication against ADFS occurs via SSL, we need to import a server authentication certificate on each ADFS server.
Because all clients should trust this certificate, it’s recommended to import a certificate from a 3rd party certificate provider.
Although we use a wildcard certificate in this article series, a single name SSL certificate is sufficient.
If you use a single name certificate, the FQDN included should match the FQDN we configured in the previous article (in this example sts.losgrecos.cloudns.org).

To assign the certificate to the Default Website, follow the steps below:

a. In the Internet Information Services (IIS) Manager, in the navigation pane, expand DC1 (ONPREM\Administrator), expand Sites, and then click Default Web Site.

b. In the actions pane, click Bindings.

c. In the Site Bindings window, click Add.

d. In the Add Site Binding window, click the Type drop-down menu and then click https.

e. Click the SSL certificate drop-down menu and then click sts.yourchilddomainname.

f. In the Add Site Binding window, click OK.

g. In the Site Bindings window, click Close.

h. Close the IIS Manager.

Installing the Active Directory Federation Services

Download Active Directory Federation Services 2.0 RTW from the Microsoft Download Center.

After the download finishes, launch “AdfsSetup.exe” and then accept the license agreement.

On the “Server Role” page, we need to specify which role to configure. Since these are the two internal ADFS servers, we wish to configure a “Federation server”, so select that and click “Next”.

On the “Welcome to the AD FS 2.0 Setup Wizard” page, click “Next”.

As you can see on the next page, the wizard will now install a couple of prerequisites on the server. Click “Next”.

After a minute or so the wizard will complete successfully and we can now click “Finish”.
Make sure to uncheck “Start AD FS 2.0 Management snap-in when this wizard closes”, as we want to install Update 2 for AD FS 2.0 before we continue.

When the update has been applied, launch the AD FS 2.0 management console by going to “Start” –> “Administrative tools” and selecting “AD FS 2.0 Management”.
In the AD FS 2.0 Management console, click “AD FS 2.0 Federation Server Configuration Wizard”.

Configure Active Directory Federation Services

a. On DC, click Start, point to Administrative Tools, and then click AD FS 2.0 Management.

b. In the AD FS 2.0 management console, in the results pane, click AD FS 2.0 Federation Server Configuration Wizard.

c. On the Welcome page, verify that the Create a new Federation Service radio button is selected and then click Next.

d. On the Select a Stand-Alone or Farm Deployment page, click the Stand-alone federation server radio button and then click Next.

e. On the Specify the Federation Service Name page, verify that the SSL Certificate and Federation Service name are sts.yourchilddomainname and then click Next.

If the certificate name is not correct, do not continue. You must cancel the wizard and create the correct certificate using the procedure in tasks 5 and 6.

f. On the Ready to Apply Settings page, review the configuration and then click Next.

Wait for the configuration to complete.

g. On the Configuration Results page, review the results and click Close.

h. Close the AD FS 2.0 management console and log off DC.
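The following PowerShell script is an added check, not part of the original article, that ties the three tasks above together: it confirms the https binding on the Default Web Site carries a certificate issued to the Federation Service name, that the AD FS 2.0 service is running with that same name, and that the federation metadata endpoint answers over that binding. It assumes it runs on the ADFS server with the WebAdministration module and the Microsoft.Adfs.PowerShell snap-in available, and the host name sts.onprem.contoso.com is a constructed placeholder for your sts.yourchilddomainname.

```powershell
# Added verification script; it is not part of the original article.
# Assumes it runs on the ADFS 2.0 server as an administrator and that the
# Federation Service name below is replaced with your sts.yourchilddomainname.
$fsName = 'sts.onprem.contoso.com'   # constructed example value

Import-Module WebAdministration
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# 1. Default Web Site must carry an https binding, and the bound certificate
#    must be issued to the Federation Service name (CN or SAN, wildcard allowed).
$binding = Get-WebBinding -Name 'Default Web Site' -Protocol https
if (-not $binding) { throw 'No https binding on Default Web Site; redo the site binding task' }
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $binding.certificateHash }
if (-not $cert) { throw "Certificate $($binding.certificateHash) is not in LocalMachine\My" }

# Collect the CN plus every DNS name in the Subject Alternative Name extension.
$names = @()
if ($cert.Subject -match 'CN=([^,]+)') { $names += $matches[1] }
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($san) {
    $names += @(($san.Format($false) -split ',\s*') |
        Where-Object { $_ -like 'DNS Name=*' } |
        ForEach-Object { $_.Substring('DNS Name='.Length) })
}
# -like lets a wildcard entry such as *.onprem.contoso.com match the host name.
if (-not ($names | Where-Object { $fsName -like $_ })) {
    throw "Bound certificate names ($($names -join ', ')) do not cover $fsName"
}
if (-not $cert.Verify()) { Write-Warning 'Certificate does not chain to a trusted root on this host' }

# 2. The AD FS 2.0 Windows service must be running and configured with the same name.
if ((Get-Service adfssrv).Status -ne 'Running') { throw 'AD FS 2.0 service (adfssrv) is not running' }
$configured = (Get-ADFSProperties).HostName
if ($configured -ne $fsName) { throw "ADFS Federation Service name is $configured, expected $fsName" }

# 3. The federation metadata endpoint must answer over the https binding and
#    advertise the expected entityID, which relying parties use to identify this STS.
$url = "https://$fsName/FederationMetadata/2007-06/FederationMetadata.xml"
$xml = [xml](New-Object System.Net.WebClient).DownloadString($url)
$expectedId = "http://$fsName/adfs/services/trust"
if ($xml.EntityDescriptor.entityID -ne $expectedId) {
    throw "Unexpected entityID $($xml.EntityDescriptor.entityID); expected $expectedId"
}
Write-Host "Binding, service and metadata checks passed for $fsName"
```

A failure in check 1 means the wizard in step e would also show the wrong certificate, so fix the binding before re-running the Federation Server Configuration Wizard.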

Stay tuned for Part 3.

10 thoughts on “Office 365 Hybrid Deployment (Part II ) – Installing and Configuring Active Directory Federation Services

  1. Howdy! This blog post couldn’t be written much better! Looking at this article
    reminds me of my previous roommate! He constantly kept preaching about this.
    I most certainly will send this post to him. Pretty sure he’s going to have a great read.
    Many thanks for sharing!

  2. Hello there, just became alert to your blog through Google, and found
    that it’s truly informative. I am gonna watch out for brussels.

    I’ll be grateful if you continue this in future.

    A lot of people will be benefited from your writing. Cheers!

  3. Very great post. I just stumbled upon your blog and wished to mention that I’ve really enjoyed
    browsing your weblog posts. After all I’ll be
    subscribing in your rss feed and I am hoping you write
    again very soon!

  4. Hello There. I found your blog using msn. That is a
    really neatly written article. I will be sure to bookmark it
    and come back to read more of your useful
    information. Thank you for the post. I’ll certainly return.
