Setting up ADFS Proxy Server – Part 1

***NEW CONTENT***

If you are looking for AD FS setup for Windows Server 2012 to the NEW Office 365 (wave 15), then please check out this series of posts:

Complete Series: Getting to know the NEW Office 365

In the previous step we added the ADFS Servers and Federated with Microsoft. We verified SSO internally to Office 365. The next step is to add the ADFS proxy server so that we can have external authentication.

Let’s refer back to the documented solution. This will make it a lot easier to achieve your end goal. This is the end goal architecture for setting up ADFS, ADFS Proxies and Directory Synchronization.

If your end goal is to only have single servers and not provide redundancy, then only install one ADFS Proxy Server.

Add External DNS Records

  1. Add an external DNS ‘A record’ for the ADFS Server Farm name. Keep in mind that the goal is to have multiple ADFS servers that will be load balanced. If this is not your goal and you want a single ADFS Proxy server, the external DNS is the same.

    Example:

    Farm Name – sts.contoso.com

    IP Address – x.x.x.x <- Make sure that this IP is accessible from the Internet

  2. Configure the Firewall – All communications happen over port 443. You will have to configure firewall rules from the Internet to the DMZ and from the DMZ to the Internal zones.

    Multiple Servers – From the Internet, we want all traffic to be directed on port 443 to the cluster IP and then let the cluster decide which ADFS Proxy server to send it to.

    Single Server – From the Internet, we want all the traffic to be directed on port 443 to the ADFS Proxy Server.

  3. Base build ADFS-PR01 and ADFS-PR02 with Windows Server 2008 R2 SP1 (Standard or Enterprise).

    Do not add the servers to the local domain.

  4. Assign static IP addresses from your DMZ network (172.16.0.0).

  5. Change the Primary DNS Suffix for the server to contoso.com.

  6. Click the Start button and right-click Computer.

  7. Click Properties.

  8. From the opened window, click Change.

  9. From the System Properties window, click Change.

  10. In the Computer Name/Domain Changes window, click More…

  11. Add the Primary DNS Suffix for the domain.

  12. Click OK and then click Restart Now.

  13. Add HOSTS File – Since the servers are not domain joined and most likely will not have name resolution to the internal servers, you will have to add hosts file entries with the names and IPs for the ADFS Servers, ADFS Cluster and ADFS Proxy Servers.

  14. Start -> Notepad (right-click and Run as Administrator).

  15. Open -> C:\Windows\System32\drivers\etc\hosts

  16. While logged into ADFS-PR01 and ADFS-PR02 with an administrator account, open the Microsoft Online Admin Portal (https://portal.microsoftonline.com) and log in with a global administrator account.

  17. Click Downloads on the right-hand side of the page.

  18. Click the ‘Set up’ button under ‘Set up and configure your Office and desktop apps’.

  19. The application will launch.

  20. Sign in with an account that has Global Admin rights on the Office 365 account.

  21. Uncheck any applications that are checked so that only the ‘Microsoft Online Services Sign-in Assistant’ will be installed.

  22. Accept the agreement to start the install.

  23. Click Finish.
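The primary DNS suffix change and the hosts file entries above, plus a check that port 443 is open from the DMZ to the internal farm, can be scripted and verified from PowerShell. This is an added example, not code from the original post; it assumes Windows Server 2008 R2 with PowerShell 2.0, an elevated prompt on each proxy, and every name and address other than sts.contoso.com and the 172.16.0.0 DMZ range is a constructed sample value.

```powershell
# Added example, not from the post: scripts the primary DNS suffix change and
# hosts entries for a non-domain-joined ADFS proxy on Server 2008 R2 / PS 2.0
# (no Test-NetConnection there), then checks TCP 443 to the internal farm.
# Names/IPs other than sts.contoso.com and the 172.16.0.0 DMZ range are
# constructed samples. Run from an elevated prompt on each proxy.
$DnsSuffix = 'contoso.com'
$FarmName  = 'sts.contoso.com'

# Hosts entries. The farm name must map to the INTERNAL ADFS cluster (NLB)
# address, never the public x.x.x.x, so the proxy forwards logons inward.
$HostEntries = @{
    'ADFS-01.contoso.com'   = '10.0.0.11'    # constructed: internal ADFS server
    'ADFS-02.contoso.com'   = '10.0.0.12'    # constructed: internal ADFS server
    'sts.contoso.com'       = '10.0.0.10'    # constructed: internal NLB cluster IP
    'ADFS-PR01.contoso.com' = '172.16.0.11'  # constructed: DMZ IP of proxy 1
    'ADFS-PR02.contoso.com' = '172.16.0.12'  # constructed: DMZ IP of proxy 2
}

# 1. Primary DNS suffix: the same registry values the Computer Name > More...
#    dialog writes. 'NV Domain' persists; 'Domain' is current after restart.
$TcpipKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
Set-ItemProperty -Path $TcpipKey -Name 'NV Domain' -Value $DnsSuffix
Set-ItemProperty -Path $TcpipKey -Name 'Domain'    -Value $DnsSuffix

# 2. Hosts file: append only names not already mapped, so re-running on
#    both proxies is safe. Make sure the file ends with a newline first.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$raw = [IO.File]::ReadAllText($HostsPath)
if ($raw.Length -gt 0 -and -not $raw.EndsWith("`n")) { Add-Content -Path $HostsPath -Value '' }
$existing = Get-Content $HostsPath
foreach ($name in $HostEntries.Keys) {
    $pattern = '^\s*[\d.]+\s+' + [regex]::Escape($name) + '\s*$'
    if (-not ($existing | Where-Object { $_ -match $pattern })) {
        Add-Content -Path $HostsPath -Value ("{0}`t{1}" -f $HostEntries[$name], $name)
    }
}
ipconfig /flushdns | Out-Null

# 3. Verify the proxy can open TCP 443 to the farm name and each internal ADFS
#    server; a failure means the DMZ-to-internal firewall rule or a hosts entry is wrong.
function Test-Tcp443 {
    param([string]$Target)
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($Target, 443); return $client.Connected }
    catch   { return $false }
    finally { $client.Close() }
}
foreach ($t in @($FarmName, 'ADFS-01.contoso.com', 'ADFS-02.contoso.com')) {
    Write-Host ('{0,-22} TCP 443 reachable: {1}' -f $t, (Test-Tcp443 $t))
}
Write-Host 'Restart the server for the new DNS suffix to take effect.'
```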


Download and Install ADFS RTW

  1. Download ADFS 2.0 RTW, making sure that you select the edition that matches the operating system on the ADFS server.

    http://www.microsoft.com/download/en/details.aspx?id=10909

  2. Install ADFS 2.0 RTW on ADFS-PR01 and ADFS-PR02.

  3. Double-click the file that you just downloaded to launch the install.

  4. Click Next on the Welcome screen.

  5. Accept the License Agreement.

  6. On the Server Role Option screen, select Federation Server Proxy.

  7. Click ‘Next’ and walk through the rest of the install process. This will install all the required operating system components and set up the ADFS site in IIS:
    1. Windows Identity Foundation
    2. .NET Framework 3.5 SP1
    3. Internet Information Services (IIS)
    4. Windows PowerShell 2.0

  8. When the install is finished, uncheck ‘Start the ADFS 2.0 Management Snap-in’ and click ‘Finish’.

The Complete Series of Posts

  1. Open Office 365 Account and Sign up for the E Plan Trial
  2. Add and Verify the primary SMTP domain
  3. Setting up ADFS Servers with Windows NLB
    1. Part 1
    2. Part 2
    3. Part 3
    4. Part 4
  4. Setting up ADFS Proxy Servers with Windows NLB
    1. Part 1
    2. Part 2
  5. Setup Directory Synchronization to Office 365
  6. Force AD Synchronization with Office 365

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP
