Step 7: Install and Configure Windows Claims-Aware Identity Software
Applies To: Active Directory Federation Services (AD FS) 2.0
Before you can evaluate the federated document collaboration scenarios that this guide enables setup for, you must first install all Windows software programs that are necessary for creating a claims-based identity solution on the appropriate VM computers in the test lab environment. You must also perform several steps to configure both Federation Services before you begin walking through the scenarios.
This section includes the following procedures:
Install and configure AD FS 2.0 on ContosoSrv01
Install and configure AD FS 2.0 on FabrikamSrv01
Customize the AD FS 2.0 Sign-in pages
Install and configure WIF and SharePoint support software on ContosoSrv02
Install and configure the Desktop Experience feature on FabrikamSrv02
Install and configure Microsoft Office 2007 on FabrikamSrv02
Install and configure AD FS 2.0 on ContosoSrv01
To install and configure AD FS 2.0 on ContosoSrv01
Log on to ContosoSrv01 as CONTOSO\Administrator using the assigned password ("demo!23").
Locate the AdfsSetup.exe installable package that you downloaded and then double-click it.
On the Welcome to the AD FS 2.0 Setup Wizard page, click Next.
On the End-User License Agreement page, read the license terms. If you agree to them, select the I accept the terms in the License Agreement check box, and then click Next.
On the Server Role page, select Federation server, and then click Next.
On the Completed the Microsoft AD FS 2.0 Setup Wizard page, click Close.
Note
The wizard may ask you to restart the computer. If so, click Finish to restart the computer. After the computer is restarted, log in as CONTOSO\Administrator user. On the Start menu, click All Programs, point to Administrative Tools, and then click AD FS 2.0 Management.
Completing the wizard should open the AD FS 2.0 Management console.
If you do not see the AD FS 2.0 Management console, on the Start menu, click All Programs, point to Administrative Tools, and then click AD FS 2.0 Management.
In the console tree, click AD FS 2.0, and then, in the right pane, click AD FS 2.0 Federation Server Configuration Wizard.
On the Welcome page, select Create a new Federation Service, and then click Next.
On the Select Stand-Alone or Farm Deployment page, select New federation server farm, and then click Next.
On the Specify the Federation Service Name page, type sts1.contoso.com as the federation service name, and then click Next.
On the Specify a Service Account page, click Browse, type CONTOSO\adfssrvc, and then click OK.
In Password, type p@ssw0rd, and then click Next.
On the Ready to Apply Settings page, review the settings, and then click Next.
On the Results page, click Close.
Install and configure AD FS 2.0 on FabrikamSrv01
To install and configure AD FS 2.0 on FabrikamSrv01
Log on to FabrikamSrv01 as FABRIKAM\Administrator using the assigned password ("demo!23").
Locate the AdfsSetup.exe installable package that you downloaded, and then double-click it.
On the Welcome to the AD FS 2.0 Setup Wizard page, click Next.
On the End-User License Agreement page, read the license terms. If you agree to them, select the I accept the terms in the License Agreement check box, and then click Next.
On the Server Role page, select Federation server, and then click Next.
On the Completed the Microsoft AD FS 2.0 Setup Wizard page, click Close.
Note
The wizard may ask you to restart the computer. If so, click Finish to restart the computer. After the computer is restarted, log in as FABRIKAM\Administrator user. On the Start menu, click All Programs, point to Administrative Tools, and then click AD FS 2.0 Management.
Completing the wizard should open the AD FS 2.0 Management console.
If you do not see the AD FS 2.0 Management console, on the Start menu, click All Programs, point to Administrative Tools, and then click AD FS 2.0 Management.
In the console tree, click AD FS 2.0, and then, in the right pane, click AD FS 2.0 Federation Server Configuration Wizard.
On the Welcome page, select Create a new Federation Service, and then click Next.
On the Select Stand-Alone or Farm Deployment page, select New federation server farm, and then click Next.
On the Specify the Federation Service Name page, type sts2.fabrikam.com as the federation service name, and then click Next.
On the Specify a Service Account page, click Browse, type FABRIKAM\adfssrvc, and then click OK.
In Password, type p@ssw0rd, and then click Next.
On the Ready to Apply Settings page, review the settings, and then click Next.
On the Results page, click Close.
Customize the AD FS 2.0 Sign-in pages
Next, you customize the AD FS 2.0 sign-in pages with a custom log and set the authentication type to support Username/Password type authentication.
To customize the AD FS 2.0 sign-in pages
Log in to Contososrv01 as CONTOSO\Administrator using the assgined password ("demo!23").
Navigate to the folder c:\inetpub\adfs\ls.
Copy the Contoso_logo.png file to this folder.
Note
This document is part of the support files download for this lab setup. For more information, see the table in Step 2: Download and Install Prerequisite Software.
Open the file web.config.
In the <appSettings> section, replace logo.png with contoso_logo.png and uncomment that line.
In the <authenticationTypes> section, move the line <add name="Forms" .../> to the top of the list. Save the changes and close the file.
For changes on fabrikamsrv01, follow the steps above, except replace contoso_logo.png with fabrikam_logo.png.
Install and configure the WIF and SharePoint support software on ContosoSrv02
To install and configure the WIF and SharePoint support software on ContosoSrv02
Log on to ContosoSrv02 as CONTOSO\Administrator using the assigned password ("demo!23").
Install the following programs, and accept their default settings in the installation:
Windows Identity Foundation (Windows6.1-KB974405-x64.msu) (https://go.microsoft.com/fwlink/?LinkID=179831)
Microsoft-Federation-Extension-For-Sharepoint3.0 (Microsoft-Federation-Extensions-For-SharePoint3.0.msi) (https://go.microsoft.com/fwlink/?LinkID=179832)
Windows Identity Foundation SDK (WindowsIdentityFoundation-SDK.msi) (https://go.microsoft.com/fwlink/?LinkID=179833)
Install and configure the Desktop Experience feature on FabrikamSrv02
Before you install the Office component on FabrikamSrv02, the Desktop Experience feature must be installed to provide for a typical Windows desktop environment when you are working with the Windows Server 2008 R2 operating system in the VMs.
To install and configure the Desktop Experience feature on FabrikamSrv02
Log on to FabrikamSrv02 as FABRIKAM\Administrator using the assigned password ("demo!23").
Click Start, click Administrative Tools, click Server Manager, and then, in the left pane, click Features.
On the right pane, click Add Features.
On the Select Features page, click Desktop Experience.
Click Add Required Features in the message box that appears.
Click Next, and then click Install.
After the installation finishes, click Close to exit the wizard.
Restart the computer if you are prompted.
Install and configure Microsoft Office 2007 on FabrikamSrv02
To install and configure and Microsoft Office 2007 on FabrikamSrv02
Log on to FabrikamSrv02 with FABRIKAM\Administrator credentials.
Install the following programs, and accept their default settings in the installation:
Microsoft Office 2007
2007 Microsoft Office Suite Service Pack 2 (SP2) (https://go.microsoft.com/fwlink/?LinkId=191124)
2007 Office system hotfix package kb969413