Setting up ADFS Servers – Part 2

Download and Install ‘Microsoft Online Services Identity Federation Management Tool’

  1. Download the 32-bit module
  2.  

Walk through the install process selecting all the defaults

 

Generate CSR for the public certificate

  1. Click Start -> Administrative Tools -> Internet Information Services (IIS) Manager

     

  2. Click the Server Name

     

  3. Double Click Server Certificates

     

     

  4. Click ‘Create Certificate Request…’

     

  5. Complete the details for the certificate request and click ‘Next’.

     

  6. Keep in mind that the common name must match the architecture that we documented at the beginning of the process. One other thing to keep in mind when going through this process: don’t abbreviate your City and State/Province. Some of the public certificate issuers will not allow this.

     

  7. Leave the ‘Cryptographic service provider’ at the default setting. MAKE SURE to change the ‘Bit length’ to ‘2048’ and then click ‘Next’

     

  8. Choose a location and file name for the CSR. Click ‘Finish’

     

  9. Take the CSR and complete the request from a Public Certificate Issuer

     

  10. Complete the certificate request on ADFS01 once the Public Certificate Issuer has verified the request.

     

  11. Click Start -> Administrative Tools -> Internet Information Services (IIS) Manager

     

  12. Click the Server Name

     

  13. Double Click Server Certificates

     

  14. Click ‘Complete Certificate Request…’

     

  15. Complete the path to the file that you downloaded from the Public Certificate Authority. Enter the Friendly name for the certificate. I match this to the common name on the certificate. Click ‘OK’

     

  16. Once the request has been completed, the certificate is viewable in the ‘Server Certificates’ window

     

  17. Bind the Public Certificate (sts.contoso.com) to the Default Website on port 443

     

  18. Click Start -> Administrative Tools -> Internet Information Services (IIS) Manager

     

  19. Expand the server name

     

  20. Expand ‘Sites’

     

  21. Select ‘Default Web Site’

     

  22. Click ‘Bindings…’

     

  23. Click ‘Add’

     

  24. Select https and then select the SSL certificate for the STS site.

     

  25. Click ‘OK’
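
The same request, pre-submission check, and port 443 binding scripted with certreq, certutil and the WebAdministration module, as an added example that is not from the original post. The organization, city, province, `C:\Certs` folder and file names are constructed values; `sts.contoso.com` and ADFS01 come from the steps above.

```powershell
# Run elevated on ADFS01. Subject values other than the CN are constructed samples.
$CommonName = 'sts.contoso.com'   # must match the federation service name
$WorkDir    = 'C:\Certs'          # hypothetical working folder

function New-StsCsr {
    New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
    # 2048-bit RSA key in the machine store; City and State/Province spelled out in full.
    # Exportable = FALSE keeps the key on this server; set TRUE only if it must be moved.
    @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$CommonName, O=Contoso Ltd, L=Vancouver, S=British Columbia, C=CA"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
"@ | Set-Content -Path "$WorkDir\sts.inf" -Encoding ASCII
    certreq.exe -new "$WorkDir\sts.inf" "$WorkDir\sts.csr"

    # Inspect the request before submitting it: a wrong CN or key size means a reissue later.
    $dump = certutil.exe -dump "$WorkDir\sts.csr"
    if (-not ($dump -match "CN=$([regex]::Escape($CommonName))(\s|,|$)")) { throw 'Unexpected common name in CSR' }
    if (-not ($dump -match 'Public Key Length: 2048 bits'))              { throw 'CSR key is not 2048 bits' }
}

function Install-StsCertificate([string]$CerPath) {
    # Pair the CA's response with the pending private key created by New-StsCsr.
    certreq.exe -accept -machine $CerPath
    Import-Module WebAdministration
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and $_.Subject -match "CN=$([regex]::Escape($CommonName))(,|$)" } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) { throw "No certificate with a private key found for $CommonName" }
    # https binding on the Default Web Site, port 443, then attach the certificate.
    New-WebBinding -Name 'Default Web Site' -Protocol https -Port 443
    New-Item -Path 'IIS:\SslBindings\0.0.0.0!443' -Value $cert | Out-Null
}

New-StsCsr
# After the public CA issues the certificate (path is a placeholder):
# Install-StsCertificate -CerPath "$WorkDir\sts.cer"
```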

 

The Complete Series of Posts

 

  1. Open Office 365 Account and Sign up for the E Plan Trial
  2. Add and Verify the primary SMTP domain
  3. Setting up ADFS Servers with Windows NLB
    1. Part 1
    2. Part 2
    3. Part 3
    4. Part 4

     

  4. Setting up ADFS Proxy Servers with Windows NLB
    1. Part 1
    2. Part 2

     

  5. Setup Directory Synchronization to Office 365

  6. Force AD Synchronization with Office 365

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP
