How to Set Up the AD FS 2.0 VM Lab Environment for Federated Collaboration
Applies To: Active Directory Federation Services (AD FS) 2.0
This document is intended for developers and system architects who are interested in completing the walkthrough demonstration of the features, functionality, and interoperability capabilities of AD FS 2.0 and Windows Identity Foundation (WIF).
About This Guide
This guide provides instructions for setting up federated identity technologies in a small test lab with servers running the Windows Server 2008 operating system. It explains how to install and configure all settings and prerequisite software necessary to create the four virtual machine (VM) images that you need to have available so that you can complete all the steps in the following guide:
- Federated Document Collaboration with Microsoft Office SharePoint Server 2007 and AD FS 2.0 (https://go.microsoft.com/fwlink/?LinkId=148503)
While you can download VM images that are preconfigured for trial use, this guide assists you if you choose to make the images yourself. The overall goal of this guide is to give you a good understanding of the base configuration requirements necessary to deploy and enable AD FS 2.0 technologies in your environment.
To maximize your chances of completing the objectives of this guide successfully, it is important that you do all of the following:
- Complete the steps in this guide in the order in which they are presented.
- Use the exact IP addresses that this guide specifies.
- Use the exact computer, user, group, company, claim, and domain names that this guide specifies.
Important
Any modifications that you make to the configuration details in this guide may affect or limit your chances of setting up this lab successfully on the first try.
Note
Microsoft has tested this guide successfully with the Windows Server 2008 Hyper-V™ virtualization technology product.
The instructions in this guide take approximately four hours to complete.
What this guide does not provide
This guide does not provide the following information:
- Guidance for setting up and configuring AD FS 2.0 for federation in a production environment.
- Instructions for setting up and configuring a federation server proxy.
- Instructions for setting up the test lab computer. (Hardware and software requirements are listed in the following section, however.)
- Instructions for making your own base virtual hard drive (.vhd) images.
Requirements
To complete all the steps in this guide, you must have a virtual test lab computer where you can configure four virtual machines (VMs) running the Windows Server® 2008 R2 Enterprise operating system.
Your virtual test lab computer must be able to meet the minimum requirements in the following table.
| Component | Minimum requirement |
|---|---|
| Processor | 64-bit quad core with 2.0 gigahertz (GHz) or higher CPU speed |
| Operating system | Windows Server 2008 R2 Enterprise |
| Memory | 8 GB or higher |
| Disk drive | 80 GB or more of available space |
| Additional software | The following server role must be added: |
| Other devices | CD-ROM or ROM drive; high resolution monitor (1024x768 or higher); keyboard and Microsoft mouse or compatible pointing device |
Administrative credentials
To perform all the tasks in this guide, use the local Administrator account for each computer, unless instructed otherwise. To create accounts in Active Directory Domain Services (AD DS), log on with the Administrator account for the domain. For example, when you create user accounts for Contoso Pharmaceuticals, use the CONTOSO\Administrator account.
About the lab environment
For the virtual test lab environment, create four VMs. Each of the VMs that you create and configure can be used later to accomplish scenario tasks in which you implement and evaluate a claims-based federated identity solution as described in the Federated Document Collaboration with Microsoft Office SharePoint Server 2007 and AD FS 2.0 (https://go.microsoft.com/fwlink/?LinkId=148503) guide. To set up the test lab to accomplish the goals in that guide, follow the steps in order as described in the following tables to establish a working test lab environment.
| Step | Step title | Description |
|---|---|---|
| | Create and Configure VMs using Hyper-V Manager | This step demonstrates the information technology (IT) pro experience for creating a virtual test lab environment for the purpose of evaluating federated identity technologies. |
| | Download Prerequisite Software | This step provides details about the software dependencies and applications that are required for updating each of the virtual servers and the virtual client so that you can use them to support the AD FS 2.0 test lab environment that you will need to emulate a business-to-business (B2B) federated identity configuration. |
| | Reconfigure the IP and DNS Settings for all VMs | This step demonstrates the network changes involved in reconfiguring network settings for the VMs to move from VM setup to the settings that are required for the private network that you will need for the virtual test lab. |
| | Install and Configure Active Directory Domain Services (AD DS) | This step demonstrates the underlying configuration requirements for installing and configuring AD DS to be used by two separate companies that are involved in a B2B scenario. |
| Step 5: Install and Configure IIS, Certificates, and Group Policy | Install and Configure IIS, Certificates and Group Policy | This step demonstrates the underlying configuration requirements for installing and configuring Internet Information Services (IIS), Active Directory Certificate Services (AD CS) and Group Policy for both of the companies involved in a B2B scenario. |
| Step 7: Install and Configure Windows Claims-Aware Identity Software | Install and Configure the SharePoint Site on ContosoSrv02 | This step demonstrates the underlying configuration requirements for installing and configuring Microsoft Office SharePoint Server 2007 for document collaboration needs in a B2B scenario. |
| Step 6: Install and Configure the SharePoint Site on ContosoSrv02 | Install and configure Windows claims-based identity software | This step demonstrates the underlying configuration requirements for installing and configuring AD FS 2.0 and related technologies for federation service in both of the companies involved in a B2B scenario. |
| Step 8: Configure ContosoSrv02 and FabrikamSrv02 for Step-Up Authentication | Configure ContosoSrv02 and FabrikamSrv02 for step-up authentication scenario | This step demonstrates the underlying configuration requirements for configuring step-up authentication. |