At this point you should have your AD FS server installed on your internal network. We’ll now walk through the process of installing and an AD FS proxy server. There are a couple requirements:

• The AD FS Proxy must be able to communicate with the AD FS Server over port 443.
• The AD FS Proxy must be able to resolve the Federation Service name, for example fs.domain.com. Use the hosts file if you need to.

Install the AD FS Proxy Role
• When you launch the install program, click Next.
• Accept the license and click Next.
• On the Server Role screen, choose Federation Server Proxy and click Next.
• The wizard will automatically install the required prerequisites. Click Next to begin the installation.
• When the installation is complete, uncheck “Start the AD FS 2.0…..” and click the Finish button. (The reason we are unchecking that box is IIS was installed as part of the prerequisites and we now need to use IIS to import a certificate.)

Export and Import a Certificate
When we installed the AD FS Server role we requested and installed a Certificate on that server. We now need to Export the Certificate and install it on the AD FS proxy.

First we’ll export the server from the AD FS Server.

Exporting the Certificate
• On the AD FS server run mmc.exe, add the Certificates Snapin. Choose the Computer account option.
• Once the Certificate Management Console is open, expand Personal and choose Certificates. Right Click on the Certificate you want to export and under All Tasks, choose Export.
• In the Certificate Export Wizard, click Next on the Welcome screen.
• On the Export Private Key, choose the option, “Yes, export the private key”. It would also work if you choose the No option.
• On the Export file Format screen, accept the default of Personal Information Exchange and click Next.
• Type a Password for the Private Key and click Next.
• Choose a location to save the file and click Next.
• Click Finish to complete the export.

Importing the Certificate
Now that we have the certificate exported from the AD FS server, we just need to import it to the AD FS Proxy server.
• Open IIS Manager, select the Server name and click on Server Certificates.
• In the upper right, click the Import Link
• Browse to the location of the PFX file you previously exported, type the password and click OK.
You should now see the certificate installed in IIS.
• Expand the computer name in IIS, select Sites and then Default Web Site. On the right, select Bindings.
• In the Site Bindings window click Add
• Choose HTTPS in the Type dropdown list and in the SSL Certificate drop down list, choose the certificate and click OK.
You can now configure the AD FS Proxy Server.

Configuring the AD FS Proxy Server
• Launch the AD FS 2.0 Federation Server Proxy Configuration Wizard.
• Click Next on the Welcome Screen
• Enter the name of the Federation Service and click Next. (You’ll need to make sure the AD FS proxy can resolve this name (use the hosts file if necessary) and that it can connect over port 443 to it.)
• You should get a dialog box which says the Federation Service was contacted successfully.
• You may have to enter your credentials, and then the configuration should continue.
Click Close to complete the configuration.

Testing the AD FS Proxy Server
At this point you can test the AD FS Proxy Server. You’ll need to make sure that your external DNS entries for you Federation Service name resolve to the IP address of your AD FS Proxy server.

 

 

Disclaimer: Many of the articles are taken from MSDN, Azure tutorials and other sources on internet to provide a single place for various information about azure development.No copyright on this information is claimed and the copyright of all information is acrrued to all original authors including MSDN and Microsoft azure training materials.Some of this information shall be outdated or incorrect and the authenticty of the information contained should be verified with changes in azure or your own environment. We do not recommend using any of this information without proper consultation.