Step 5: Accessing the Sample Application from the Client Computer

Applies To: Windows Server 2008

This step includes the following procedures:

  • Configure browser settings to trust the adfsaccount federation server

  • Access the claims-aware application from a Windows XP client

  • Access the claims-aware application from a Windows Vista client

Administrative credentials

To perform the procedures in this step, it is not necessary to log on with administrative credentials to the client computer. In other words, if you are logged on to the client as Alan Shen (alansh), you can access the claims-aware application without adding alansh to any of the local administrator groups (for example, Power Users, Administrators) on the adfsclient computer.

Configure browser settings to trust the adfsaccount federation server

Use the following procedure to manually configure Alan Shen's Internet Explorer settings so that the browser trusts the adfsaccount federation server.

To configure browser settings to trust the adfsaccount federation server

  1. Log on to the adfsclient computer as alansh.

  2. Start Internet Explorer.

  3. On the Tools menu, click Internet Options.

  4. On the Security tab, click Local intranet, and then click Sites.

  5. Click Advanced.

  6. In Add this Web site to the zone, type https://adfsaccount.adatum.com, and then click Add.

  7. Click Close, and then click OK two times.

Access the claims-aware application from a Windows XP client

If you configured the adfsclient computer to run Windows XP, use the following procedure to access the sample claims-aware application from a client that is authorized for that application.

To access the claims-aware application from a Windows XP client

  1. Log on to the adfsclient computer as alansh.

  2. Open a browser window, and then go to https://adfsweb.treyresearch.net/claimapp/.

Note

You will be prompted twice (in the Security Alert dialog box) for certificate information. You can install each certificate by clicking View Certificate and then clicking Install, or you can click Yes each time that you are prompted. Each of these Security Alert prompts displays the message "The security certificate was issued by a company you have not chosen to trust." This is expected behavior because self-signed certificates are used for the purposes of this guide.

  3. When you are prompted for your home realm, click A. Datum Corporation, and then click Submit.

Note

You will be prompted one more time for a certificate.

  4. At this point the SSO Sample Application appears in the browser. You can see which claims were sent to the Web server in the SingleSignOnIdentity.SecurityPropertyCollection section of the sample application.

Note

If for any reason you have problems accessing the claims-aware application, consider running iisreset or rebooting the adfsweb computer. Then, try to access the application again.

Access the claims-aware application from a Windows Vista client

If you configured the adfsclient computer to run Windows Vista, use the following procedure to access the sample claims-aware application from a client that is authorized for that application.

To access the claims-aware application from a Windows Vista client

  1. Log on to the adfsclient computer as alansh.

  2. Open a browser window, and then install the required certificates on the client by doing the following:

    a. Go to https://adfsaccount.adatum.com/

      The browser displays a "Certificate Error: Navigation Blocked" error message that notifies you that the incoming certificate was not issued by a trusted certification authority. This error is expected behavior when you deploy AD FS servers with self-signed certificates.

    b. Click the Continue to this website (not recommended) link.

    c. In the address bar, click Certificate Error, and then click View certificates.

    d. In the Certificate dialog box, click Install Certificate.

    e. On the Welcome to the Certificate Import Wizard page, click Next.

    f. On the Certificate Store page, click Place all certificates in the following store, and then click Browse.

    g. In the Select Certificate Store dialog box, highlight Trusted Root Certification Authorities, click OK, and then click Next.

    h. On the Completing the Certificate Import Wizard page, click Finish.

    i. On the Security Warning dialog box, click Yes.

    j. Click OK twice.

    k. Repeat steps a through j using https://adfsresource.treyresearch.net and https://adfsweb.treyresearch.net to install all three certificates into the Trusted Root Certification Authorities certificate store.

  3. Go to https://adfsweb.treyresearch.net/claimapp/. When you are prompted for your home realm, click A. Datum Corporation, and then click Submit.

  4. At this point the SSO Sample Application appears in the browser. You can see which claims were sent to the Web server in the SingleSignOnIdentity.SecurityPropertyCollection section of the sample application.

Note

If for any reason you have problems accessing the claims-aware application, consider running iisreset or rebooting the adfsweb computer. Then, try to access the application again.
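
The certificate import above trusts whatever certificate the connection presents. The following PowerShell script is an added example, not part of the original guide: it retrieves the certificate from each of the three hosts, compares its thumbprint with a value read directly on that server, and only then adds it to the current user's Trusted Root Certification Authorities store. The thumbprint placeholders and the helper name Get-ServerCertificate are assumptions of this example.

```powershell
# Added example, not from the original guide. The thumbprints are placeholders:
# read each one from the certificate on the server itself (Details tab) first.
$expected = @{
    'adfsaccount.adatum.com'        = '<thumbprint read on adfsaccount>'
    'adfsresource.treyresearch.net' = '<thumbprint read on adfsresource>'
    'adfsweb.treyresearch.net'      = '<thumbprint read on adfsweb>'
}

# Hypothetical helper: returns the certificate a host presents on port 443.
function Get-ServerCertificate {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Validation is skipped only so the untrusted certificate can be inspected.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

# Current-user store: no administrative credentials are needed to write to it.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'CurrentUser')
$store.Open('ReadWrite')
try {
    foreach ($name in $expected.Keys) {
        $cert = Get-ServerCertificate -HostName $name
        # The Certificate dialog shows the thumbprint with spaces; strip them.
        $want = ($expected[$name] -replace '\s', '').ToUpper()
        if ($cert.Thumbprint -ne $want) {
            Write-Warning "$name presented $($cert.Thumbprint); not installed."
            continue
        }
        $store.Add($cert)   # Windows shows the same Security Warning as the wizard
        Write-Output "Installed $name ($($cert.Thumbprint))"
    }
} finally {
    $store.Close()
}
```

Run the script while logged on as alansh. A host whose thumbprint does not match is skipped with a warning and its certificate is not installed.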