Export (0) Print
Expand All

Checklist: Installing a Windows NT token-based application

Updated: December 15, 2006

Applies To: Windows Server 2003 R2

This checklist includes the deployment tasks for preparing an Active Directory Federation Services (ADFS)-enabled Web server running Windows Server 2003 R2, Standard Edition, or Windows Server 2003 R2, Enterprise Edition, for the installation of a Windows NT token–based application.

ImportantImportant
Make sure that you have set up your ADFS-enabled Web server using the guidance in Checklist: Installing an ADFS-enabled Web server before you proceed with the tasks in this checklist.

noteNote
Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.

Checklist Checklist: Installing a Windows NT token–based application

 

  Task Reference
Checkbox

Review information in the Active Directory Federation Services Design Guide about the role that ADFS Web Agents play in deploying federated applications.

Conceptual topic Review the role of ADFS Web Agents

Checkbox

Review the information in the Active Directory Federation Services Design Guide to understand important concepts that are relevant to designing and deploying federated Windows NT token–based applications.

Conceptual topic Designing a Federated Application Strategy

Conceptual topic Identify the type of federated application to deploy

Checkbox

Review information in the Active Directory Federation Services Design Guide to determine whether to use Public Key Infrastructure (PKI) or Service Principal Name (SPN) for the security token protection method.

Conceptual topic Determine your security token protection method

Checkbox

Based on the needs of your Windows NT token–based application design, determine whether to use the resource account, resource group, or group-to-UPN (user principal name) impersonation method for purposes of authorization.

Checklist topic Checklist: Implementing a resource account mapping method

Checkbox

Using Internet Information Services (IIS), configure your Windows NT token–based application to enable anonymous access and to use ASP.NET 2.0.

Procedure topic Configure IIS to support a federated application

Checkbox

Edit the ADFS Web Agent tabs in IIS to enable the Windows NT token–based Web Agent.

Procedure topic Configure the Windows NT token-based Web Agent

Checkbox

Use the Add Application Wizard in the ADFS snap-in to add a new Windows NT token–based application entry to the Federation Service.

noteNote
Before you begin this task, first configure the trust policy in the resource partner organization. If you have not yet created and configured the trust policy in the resource partner organization, complete the tasks in Checklist: Configuring the resource partner organization.

Procedure topic Add a new Windows NT token-based application to the Federation Service

Checkbox

Enable any claims that you want to be sent to the application for authorization purposes.

noteNote
Before you begin this task, first install the appropriate claims in the resource partner organization.

Procedure topic Enable an organization claim for a federated application in the Federation Service

Checkbox

(Optional) If your application requires them, you can choose authentication method restrictions for your claims-aware application. By default, an application accepts any authentication method that is provided to it.

Procedure topic Configure authentication methods for a federated application

Checkbox

(Optional) If your application requires it, you can have the resource federation server sign security tokens using Kerberos or PKI signing schemes. The default token-signing scheme is set to PKI.

Procedure topic Configure the security token protection method for a federated application

Checkbox

To ensure the likelihood of successfully tracking down issues that may occur with your Windows NT token–based application, configure event logging.

Procedure topic Configure event logging for a Windows NT token-based application

Checkbox

From a client computer, verify that the Windows NT token–based application can be accessed using Integrated Windows authentication, and verify that anonymous access is enabled.

Procedure topic Verify that an ADFS-enabled Web server is operational

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft