
Configuring IIS to support federation

Published: January 11, 2010

Updated: February 1, 2011

Applies To: Unified Access Gateway

This topic describes how to configure Internet Information Services (IIS) on Forefront Unified Access Gateway (UAG) to support Active Directory Federation Services (AD FS).

Note:
The certificate used to create the HTTPS connection must be configured on the default IIS Web site; otherwise, the AD FS configuration script will not succeed.

The following procedures describe how to configure the server certificate on the default IIS Web site, and how to configure IIS to support AD FS.

To configure the server certificate on the default IIS Web site

  1. On the Forefront UAG server, click Start, and then in the Start Search box, type inetmgr and press ENTER.

  2. In the IIS Manager, in the navigation tree, under Sites, right-click Default Web Site, and then click Edit Bindings.

  3. On the Site Bindings dialog box, click the HTTPS site binding that uses port 6002, and then click Edit.

  4. On the Edit Site Binding dialog box, in the SSL certificate drop-down list, click the server certificate that you used when you created the portal trunk.

  5. Click OK to close the Edit Site Binding dialog box, and then on the Site Bindings dialog box, click Close.

To configure IIS to support AD FS

  1. On the Forefront UAG server, click Start, and then in the Start Search box, type inetmgr and press ENTER.

  2. In the navigation tree, click Default Web Site, and then in the center pane, in the Other section, double-click SSL Settings.

  3. In SSL Settings, select the Require SSL check box, and then in the Actions pane, click Apply.

  4. In the navigation tree, double-click Sites, double-click Default Web Site, double-click InternalSite, right-click ADFS, and then click Convert to Application.

  5. On the Add Application dialog box, click OK.

  6. In the navigation tree, double-click Sites, double-click Default Web Site, double-click InternalSite, click ADFS, and then in the center pane, in the IIS section, double-click Authentication.

  7. Click AD FS Windows Token-Based Agent, and then in the Actions pane, click Edit.

  8. On the AD FS Windows Token-Based Agent dialog box, select the Enable AD FS Web Agent check box. In Cookie Path, type /. Ensure that the Cookie Domain field is empty. In Return URL, type: https://<Portal trunk host name>/. Then click OK.

    Note:
    If you are publishing SharePoint applications, you must enter the domain corresponding to your Forefront UAG host name and the alternate access mapping (AAM) host name in the Cookie Domain field. For example, if the Forefront UAG portal uses the host name portal.woodgrovebank.com and the SharePoint AAM host name is sp.woodgrovebank.com, enter .woodgrovebank.com. For information about publishing SharePoint applications, see Configuring SharePoint AAM applications with AD FS.
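The following read-only check is an added example, not part of the original topic or of Forefront UAG. It verifies the outcome of both procedures: a valid certificate on the port 6002 binding, Require SSL on the Default Web Site, and ADFS converted to an application. It assumes an elevated PowerShell session on the Forefront UAG server with the IIS WebAdministration module available; the New-Check helper is a name chosen for this example. It does not inspect the AD FS Windows Token-Based Agent settings from step 8.

```powershell
# Added example: read-only verification of the IIS settings configured above.
# Assumption: elevated session on the Forefront UAG server, WebAdministration module present.
Import-Module WebAdministration

$site    = 'Default Web Site'
$port    = 6002
$results = @()

# Hypothetical helper for this example: one result row per check.
function New-Check($name, $pass, $detail) {
    New-Object PSObject -Property @{ Check = $name; Pass = [bool]$pass; Detail = $detail }
}

# Procedure 1: the HTTPS binding on port 6002 must carry a server certificate.
$ssl = Get-ChildItem IIS:\SslBindings | Where-Object { $_.Port -eq $port } | Select-Object -First 1
if (-not $ssl) {
    $results += New-Check "Certificate bound on port $port" $false 'No SSL binding found'
} else {
    # Resolve the bound thumbprint against the local machine store named by the binding.
    $cert = Get-ChildItem "Cert:\LocalMachine\$($ssl.Store)" |
        Where-Object { $_.Thumbprint -eq $ssl.Thumbprint }
    $results += New-Check "Certificate bound on port $port" ($cert -ne $null) $ssl.Thumbprint
    if ($cert) {
        $now   = Get-Date
        $valid = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
        $results += New-Check 'Certificate within validity period' $valid "Expires $($cert.NotAfter)"
    }
}

# Procedure 2, step 3: Require SSL on the Default Web Site.
$flags = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$site" `
    -Filter 'system.webServer/security/access' -Name sslFlags
if ($flags -isnot [string]) { $flags = $flags.Value }
$results += New-Check 'Require SSL enabled' ("$flags" -match '\bSsl\b') "sslFlags=$flags"

# Procedure 2, steps 4-5: ADFS under InternalSite must be an application.
$app = Get-WebApplication -Site $site | Where-Object { $_.path -like '*/InternalSite/ADFS' }
$results += New-Check 'ADFS converted to application' ($app -ne $null) 'InternalSite/ADFS'

$results | Format-Table Check, Pass, Detail -AutoSize
```

Any row with Pass set to False points to the procedure step to revisit in IIS Manager.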

 