Checklist: Implementing a Federated Web SSO Design

Article
08/09/2010

Applies To: Windows Server 2003 R2

This parent checklist includes cross-reference links to important concepts about the Federated Web Single-Sign-On (SSO) design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design.

Note

Complete the tasks in this checklist in order. When a reference link takes you to a conceptual topic or to a subordinate checklist, return to this topic after you review the conceptual topic or you complete the tasks in the subordinate checklist so that you can proceed with the remaining tasks in this checklist.

Checklist: Implementing a Federated Web SSO Design

Review important concepts and examples for the Federated Web SSO design and determine which Active Directory Federation Services (ADFS) deployment goals you can use to customize this design to meet the needs of your organization.

Conceptual topic Federated Web SSO design

Conceptual topic Federated Web SSO example

Conceptual topic Identifying Your ADFS Deployment Goals

Review the hardware, software, certificate, Domain Name System (DNS), account store, and client requirements for deploying ADFS in both partner organizations.

Conceptual topic Appendix A: Reviewing ADFS Requirements

According to your design plan, install one or more federation servers in each partner organization.

Note
For the Federated Web SSO design, you need at least one federation server in the account partner organization and at least one federation server in the resource partner organization.

Checklist topic Checklist: Installing a federation server

(Optional) Determine whether or not your organization needs a federation server proxy. If your design plan calls for a proxy, you can install one or more federation server proxies in each partner organization.

Checklist topic Checklist: Installing a federation server proxy

If you are an administrator in the resource partner organization, install one or more ADFS-enabled Web servers to host your preferred federated application using the appropriate ADFS Web Agent.

Note

The account partner administrator does not have to complete the following checklist.

Checklist topic Checklist: Installing an ADFS-enabled Web server

According to your design plan, share certificates, configure clients, and configure the Federation Service in both partner organizations so that they can communicate over a federation trust.

Checklist topic Checklist: Configuring the account partner organization

Checklist topic Checklist: Configuring the resource partner organization

If you are an administrator in the resource partner organization, install either a claims-aware application or a Windows NT token-based application, or both, using the appropriate checklist.

Note

The account partner administrator does not have to complete either of the following checklists.

Checklist topic Checklist: Installing a claims-aware application

Checklist topic Checklist: Installing a Windows NT token-based application

Checklist: Implementing a Federated Web SSO Design

Additional resources