Checklist: Implementing a Web SSO Design
Applies To: Windows Server 2008
This parent checklist includes cross-reference links to important concepts about the Web Single-Sign-On (SSO) design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design.
Note
Complete the tasks in this checklist in order. When a reference link takes you to a conceptual topic or to a subordinate checklist, return to this topic after you review the conceptual topic or complete the tasks in the subordinate checklist so that you can proceed with the remaining tasks in this checklist.
.gif)
Checklist: Implementing a Web SSO Design
| Task | Reference | |||
|---|---|---|---|---|
.gif) |
Review important concepts and examples for the Web SSO design and determine which Active Directory Federation Services (AD FS) deployment goals you can use to customize this design to meet the needs of your organization.
|
|||
|
Review the hardware, software, certificate, Domain Name System (DNS), account store, and client requirements for deploying AD FS in your organization. |
|||
|
According to your design plan, install one or more federation servers in the corporate network or in the perimeter network. Note The Web SSO design requires only one federation server to function successfully. A single federation server acts in both the account partner role and the resource partner role.
|
|||
|
(Optional) Determine whether or not your organization needs a federation server proxy in the perimeter network. |
|||
|
Install one or more AD FS-enabled Web servers to host your preferred federated application using the appropriate AD FS Web Agent. Note The Web SSO design requires at least one AD FS-enabled Web server.
|
|||
|
Depending on your Web SSO design plan and how you intend to use it, install either an Active Directory Domain Services (AD DS) account store or an Active Directory Lightweight Directory Services (AD LDS) account store in the Federation Service. |
|||
|
For SSO, incoming claims must be associated with organization group claims or custom claims that reside in the Federation Service. |
|||
|
If you are an administrator in the resource partner organization, install either a claims-aware application or a Windows NT token–based application, or both, using the appropriate checklist. Note The account partner administrator does not have to complete either of the following checklists.
|
.gif)
Note.gif)
.gif)
.gif)