Active Directory Federation Services

ADFS – How-to federate with a customer

Leave a Comment

What is ADFS ? It’s a web service that authenticates your users to Active Directory while also simultaneously providing them access to some claims-aware application (i.e. Office 365). Many times, these applications are typically used through the client’s web browser. The applications can be on-premises, off-premises, or even hosted by other companies. It doesn’t really matter where these applications live, who owns them, as long as they can accept a token with claims. ADFS is an identity access solution that provides client computers (internal or external to your network) with […]

Read More →

Azure

SQL/SSAS – Failover Cluster on Windows 2012 – Installation & Configuration

Leave a Comment

Confirm compatibility of your environnement before deploying a SQL failover cluster. https://docs.microsoft.com/en-us/windows-server/failover-clustering/clustering-requirements Disks configurations Disk 1 – Quorum: Is the quorum of the cluster. A cluster quorum disk is the storage medium on which the configuration database is stored for a cluster computing network. The cluster configuration database, also called the quorum, tells the cluster which physical server(s) should be active at any given time. Disk 2 – Data: This drive must be formatted using 64K. This is the one hosting the databases of the SQL instances Disk 3 – […]

Read More →

Active Directory Federation Services

ADFS – OpenID Connect Configuration

Leave a Comment

Create a new application group in ADFS with the following configuration : Standalone application > Server application Set a name that will define your application Hit next and copy the client identifier to a notepad, you will need it later. The redirect URI is the server local URI you will use to test your application using Visual Studio. You can use https://localhost:44320 or any local port for the tests. The redirect uri is where the client will be send to after the account authorization is successful. Hit next and select […]

Read More →

Active Directory Federation Services

ADFS – Web Application Proxy 2016 Installation & Configuration

Leave a Comment

Prepare two Windows 2016 servers with Windows Updates. Dont join them to the domain. Installing Web Application Proxy Let’s fire up the Add Roles Wizard from Server Manager As noted in the previous post, there is no longer a separate AD FS proxy role in Windows 2016.  The Remote Access feature provides VPN, Direct Access and Web Application Proxy (WAP) functionality.  It is the latter that we need to install. Select Remote Access Unless you want to add any features, like telnet * for troubleshooting purposes later, click next. The […]

Read More →

Active Directory Federation Services

ADFS – Active Directory Federation Services 2016 Installation & Configuration

Leave a Comment

Install and prepare two servers (adfs01/02.domain.com) 2016 with windows updates and join them to your domain. Determine the namespace that you will use for your ADFS (adfs.domain.com) Follow up the next step for completion. Service accounts As recommended by Microsoft,  a Group Managed Service Account (gMSA) has been created for managing the ADFS service. Specify which server will be permitted to use the service account. $server1 = Get-ADComputer “adfs01” $server2 = Get-ADComputer “adfs02” get-ADServiceAccount -identity SRVC_ADFS | set-adserviceAccount -DNSHostName SRVC_ADFS.domain.com -PrincipalsAllowedToRetrieveManagedPassword $server1, $server2   Certificate preparation Before the installation, you […]

Read More →