Implementing Your ADFS Design Plan

Applies To: Windows Server 2003 R2

The following environmental conditions and requirements are important factors in the implementation of your Active Directory Federation Services (ADFS) design plan:

• Supported partners: You usually use ADFS to work with partner organizations. To establish identity federation, determine the organizations with which you want to form a partnership. After a baseline ADFS deployment is in place, operating with partners involves adding partners, deleting partners, and updating partner information. Changes to partnerships may occur for a variety of reasons. For example, your ADFS deployment might require partnership updates if your partner changes its business significantly, your organization becomes part of a larger organization or a federation of organizations, or your organization is acquired by a different company. In any scenario in which you federate identities from multiple domains, you will need to know the domains (partners) that you are currently supporting and all the additional domains that represent potential partners.

• Supported application types: Some ADFS applications require access to operating system resources, while others are "claims aware." It is important to understand the type of applications that ADFS supports so that you can formulate administration requirements.

• Logical and physical architectural diagrams or deployment topology: You will need to know:

  • Whether ADFS servers will function in a set of farmed servers or on a single server.

  • Where your network deploys firewalls and proxies.

  • The location of resources and whether users are accessing resources from within your organization or from outside the organization or both.

How to implement your ADFS design using this guide

The next step in implementing your design is to determine in what order each of the deployment tasks must be performed. This guide uses checklists to help you walk through the various server and application deployment tasks that are required to implement your design plan. As shown in the following illustration, parent and child checklists are used as necessary to represent the order in which tasks for a specific ADFS design must be processed:

Use the following parent checklists in this section of the guide to become familiar with the deployment tasks for implementing your organization's ADFS design:

• Checklist: Implementing a Web SSO Design

• Checklist: Implementing a Federated Web SSO Design

• Checklist: Implementing a Federated Web SSO with Forest Trust Design