Installation of AD FS 2.0 federation proxy


Wed, 15 Jul 2020


A federation proxy is required to service federated authentication requests when the user is outside the corporate network.

This walkthrough previews the steps required to set up an AD FS proxy server in your environment so that you can enable external access to a claims-aware on-premises application or a cloud solution hosted by your SaaS provider.

Step 1

Make sure that an SSL binding exists for the Default Web Site on the IIS server. Without this binding, the AD FS 2.0 Configuration Wizard complains as follows:

Ensure SSL Binding

Step 2

The certificate request needs to be initiated from a domain-joined machine that has the appropriate enroll privileges on the Web Server certificate template, or on any other template that complies with your enterprise Certificate Practice Statement.

Request New Certificate

Start the “Request New Certificate” wizard as shown. Follow the prompts until you see the following screen.

Step 3

Select-Cert Template
This is where the appropriate certificate template is selected. In this case, the Web Server certificate template is selected. Click the Details and Properties buttons to provide the necessary information about the certificate.

Step 4

Provide the common name of the certificate as specified. This is the most important information about the certificate. It needs to be one of the following:

  • DNS name of the proxy server, if it is deployed in standalone mode
  • DNS name of the load balancer, if a farm of servers sits behind it
Provide Certificate Properties

Step 5

Switch to the General tab and provide a friendly name for ease of reference.

Provide Friendly Name

Switch to the Private Key tab and make the key exportable. This is required because the certificate, together with its private key, has to be exported from this computer and moved to the AD FS Federation Proxy Server.

Make Key Exportable

Step 6

Complete the wizard and then click 'Enroll'.

Enroll for Certificate

Step 7

Copy Certificate

Copy the certificate onto the AD FS Federation Proxy Server and start the Certificate Import Wizard from IIS.
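
Before starting the wizard in Step 8, the outcome of Steps 1 to 7 can be checked from PowerShell on the proxy server. The script below is an added example, not part of the original walkthrough; `sts.example.com` is a placeholder for the common name chosen in Step 4, and the check assumes an exact common-name match on port 443.

```powershell
# Added example (not from the original walkthrough): pre-flight check to run on
# the proxy server after Step 7 and before the configuration wizard in Step 8.
# 'sts.example.com' is a placeholder for the common name chosen in Step 4.
param(
    [string]$ExpectedName = 'sts.example.com',
    [string]$SiteName     = 'Default Web Site'
)

Import-Module WebAdministration   # provides Get-WebBinding and the IIS: drive

$problems = @()

# Step 1: the site needs an https binding, or the wizard reports an error.
$binding = Get-WebBinding -Name $SiteName -Protocol https
if (-not $binding) {
    $problems += "No https binding on '$SiteName'."
}

# Find the certificate that HTTP.SYS serves on port 443.
$ssl = Get-ChildItem IIS:\SslBindings | Where-Object { $_.Port -eq 443 } |
       Select-Object -First 1
if (-not $ssl) {
    $problems += 'No certificate is bound to port 443.'
} else {
    $cert = Get-Item ("Cert:\LocalMachine\{0}\{1}" -f $ssl.Store, $ssl.Thumbprint)

    # Step 4: the common name must match the proxy or load balancer DNS name.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $cert.GetNameInfo($nameType, $false)
    if ($cn -ne $ExpectedName) {
        $problems += "Certificate CN is '$cn', expected '$ExpectedName'."
    }
    # Step 7: a certificate imported without its private key cannot serve TLS.
    if (-not $cert.HasPrivateKey) {
        $problems += 'Certificate was imported without its private key.'
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "Certificate is outside its validity period (expires $($cert.NotAfter))."
    }
}

if ($problems.Count -eq 0) {
    Write-Output "OK: '$SiteName' serves '$ExpectedName' on 443."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
```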

Step 8

Now start the AD FS 2.0 Federation Server Proxy Configuration Wizard.

Start ADFS Proxy wizard

Step 9

Provide the name of the AD FS 2.0 Federation Server (or the name of the farm).

Follow the instructions as specified.

Provide ADFS Farm Name

Step 10

Provide the domain account information of the user that will be used for communication with the federation server.

Provide Service Account Name

Trust Token issue

This error means that the account presented in the previous step doesn't have the required permissions to issue the proxy trust token, which is used to identify the AD FS proxy server(s).

Proxy Trust Token Issue

If the account being used in the previous step was different from the AD FS service account provided during the setup of the federation server, then it needs to be added as a local admin to the federation server. If not, the service account should work just fine.

We are now ready to establish trust between the federation proxy and the federation server.

Ready to Apply Settings

The configuration results will now show up.

Apply Settings

Sit back and enjoy the progression of the steps as the process moves forward.
