Configuring ADFS on IAG

Applies To: Intelligent Application Gateway (IAG)

To apply a server certificate

  1. On the computer running the IAG, click Start, and then click Run.

  2. On the Run dialog box, in the Open box, type inetmgr, and then click OK.

  3. In the IIS Manager program, in the navigation tree, under Web Sites, right-click Default Web Site, and then click Properties.

  4. On the Properties dialog box, click the Directory Security tab.

  5. On the Directory Security tab, in the Server Communication section, click Server Certificate.

  6. Follow the instructions in the Web Server Certificate Wizard for creating a certificate.

Note

Use the same server certificate you used when you created the portal trunk.

To run the ADFS configuration tool

  1. Access the following folder:

    …\Whale-Com\e-Gap\Utils\ADFS

  2. In the ADFS folder, double-click ADFSConfTool.vbs to run the tool.

    Once the tool is run, you are prompted to enter the external IP address of the ADFS portal trunk and a port number.

    Make sure that the process completes successfully.

  3. On the toolbar of the IAG Configuration, click the Activate configuration icon.

  4. In the Activate Configuration window, select the Apply changes made to external configuration settings check box, and then click Activate.

To configure IIS and the ADFS Web Agent

  1. On the computer running the IAG, click Start, and then click Run.

  2. On the Run dialog box, in the Open box, type inetmgr, and then click OK.

  3. In the navigation tree, double-click the computer, right-click Web Sites, and then click Properties.

  4. On the ADFS Web Agent tab, in the Federation Service URL field, type the following, and then click OK:

    https://<Federation-server_URL>/adfs/fs/federationserverservice.asmx

    Note   If the ADFS Web Agent tab is not present, close the IIS snap-in, and then start the snap-in again.

  5. Double-click Web Sites, and then right-click Default Web Site. Click InternalSite, click ADFS, and then click Properties.

  6. On the ADFS Web Agent tab, follow these instructions:

    1. Select the Enable Active Directory Federation Services Web Agent check box.

    2. In the Cookie Path field, type /

    3. Make sure that the Cookie Domain field is empty.

    4. In the Return URL field, type the following, and then click OK:

      https://<IAG_External_URL>/

      Note

      The value in Return URL on this property page must precisely match the Application URL value that you specify when you set up the application on the Federation Service.
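
The Return URL note above requires an exact match with the Application URL set on the Federation Service. The following PowerShell function is an added example, not part of the IAG or ADFS tooling; it compares the two values as typed and reports why they differ. The function name and the host portal.example.com are assumptions made for illustration.

```powershell
function Compare-AdfsReturnUrl {
    param(
        [Parameter(Mandatory = $true)][string]$ReturnUrl,       # value from the ADFS Web Agent tab
        [Parameter(Mandatory = $true)][string]$ApplicationUrl   # value set on the Federation Service
    )
    # Assumption: "precisely match" means an ordinal, case-sensitive string comparison.
    if ([string]::Equals($ReturnUrl, $ApplicationUrl, [System.StringComparison]::Ordinal)) {
        return [pscustomobject]@{ Match = $true; Findings = @() }
    }
    $findings = @()
    $a = $ReturnUrl.Trim(); $b = $ApplicationUrl.Trim()
    if ($a -cne $ReturnUrl -or $b -cne $ApplicationUrl) {
        $findings += 'Leading or trailing whitespace in one of the values.'
    }
    # Compare without trailing slashes so case and slash problems are reported separately.
    $ta = $a.TrimEnd('/'); $tb = $b.TrimEnd('/')
    if ($ta -cne $tb -and $ta -ieq $tb) {
        $findings += 'Values differ in letter case.'
    }
    if ($a.EndsWith('/') -ne $b.EndsWith('/')) {
        $findings += 'One value ends with a slash and the other does not.'
    }
    # Parse both values to name the URL component that differs.
    $ua = $null; $ub = $null
    $okA = [System.Uri]::TryCreate($a, [System.UriKind]::Absolute, [ref]$ua)
    $okB = [System.Uri]::TryCreate($b, [System.UriKind]::Absolute, [ref]$ub)
    if ($okA -and $okB) {
        if ($ua.Scheme -ne $ub.Scheme) { $findings += "Scheme differs: $($ua.Scheme) vs $($ub.Scheme)." }
        if ($ua.Host -ne $ub.Host)     { $findings += "Host differs: $($ua.Host) vs $($ub.Host)." }
        if ($ua.Port -ne $ub.Port)     { $findings += "Port differs: $($ua.Port) vs $($ub.Port)." }
        if ($ua.AbsolutePath.TrimEnd('/') -ine $ub.AbsolutePath.TrimEnd('/')) {
            $findings += "Path differs: $($ua.AbsolutePath) vs $($ub.AbsolutePath)."
        }
    } else {
        $findings += 'At least one value is not an absolute URL.'
    }
    if ($findings.Count -eq 0) {
        # Same parsed components but different text, for example an explicit default port.
        $findings += 'Values parse to the same URL but the text differs.'
    }
    [pscustomobject]@{ Match = $false; Findings = $findings }
}

# Constructed sample values, not taken from a real deployment.
Compare-AdfsReturnUrl -ReturnUrl 'https://portal.example.com/' `
                      -ApplicationUrl 'https://Portal.example.com' | Format-List
```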