This video creates a Relying Party Trust on the ITFreeTraining Federation Server. This trust allows the ITFreeTraining server to create claims that can be used by the HighCost Training Federation Server.
Access the rest of the course: http://ITFreeTraining.com/federation
Download the PDF handout: http://ITFreeTraining.com/handouts/fe...
Demonstration creating a relying party trust
The initial install and configuration of Active Directory Federation Services has already been performed in previous videos.
00:22 To configure the relying party trust, run Server Manager from the quick launch bar.
00:34 From Server Manager, select the Tools menu and then select “AD FS Management”.
00:42 Expand down to the container “Relying Party Trusts”, right click it and select “Add Relying Party Trust” to start the add relying party trust wizard.
00:55 Press start to get past the welcome screen.
00:58 The Select Data Source screen determines how information about the relying party trust will be obtained. There are 3 options from which the data can be obtained. The first option contacts the server directly. As long as there is a direct connection and the server can create a secure connection, this will work. The second option imports data that was exported from the other server to a file. The last option requires the administrator to enter the data manually.
02:55 In this example the first option, “Import data the relying party published online or on a local network”, will be used. To use this option, enter the fully qualified domain name of the other server. In this case the other server name is HIADFS2012.HighCost.Local. This requires that the server is able to resolve the other server’s IP address.
03:10 In this case an error will appear when the connection is attempted. This is because a secure connection between the servers could not be made. For a secure connection to be made, the root CA certificate for each network needs to be exported and imported on the other server.
(See the instructions below on how to export and import the certificates in order to allow a secure connection)
09:50 In Server Manager open the tools menu and then select “AD FS Management” to open the AD FS management tool.
10:00 Expand down to “Relying Party Trusts”, right click it and select the option “Add Relying Party Trust”.
10:10 At the welcome screen, press start to start creating the relying party trust.
10:12 At the Select Data Source screen, select the option “Import data the relying party published online or on a local network”, then enter the name of the HighCost Training server and press next.
10:21 On the “Specify Display Name” screen, enter a friendly name and some notes as required. This will help other administrators work out what the relying party trust does. Once complete, press the next button. In this case the display name was entered as “ITFreeTraining to HighCostTraining Relying Party Trust”.
10:28 The next screen determines the default condition that will be applied to the trust. This can be either permit or deny. The deny option offers additional security; however, the trust will not work until security has been configured to define how it can be used. In this case, the second option, “Deny all users access to this relying party”, is selected, making deny the default for the trust. Once selected, press next to continue.
11:08 The next screen will show all the information that will be used to create the trust. Some information is obtained locally from the server and some from the remote server. The information is read only and cannot be changed. When you have finished looking at the information press next to move on to the next screen of the wizard.
11:25 The trust has now been created. On the last screen of the wizard is a tickbox “Open the Edit Claims Rules dialog for this relying party trust when the wizard closes”. This will open a dialog to edit the trust. In this case the option will be cleared and the trust opened manually. Then press close.
11:44 The new trust can be found in the container “Relying Party Trusts”. To edit it, right click it and select the option “Edit Claim Rules”.
11:59 The rules have 3 tabs.
12:01 The first tab is “Issuance Transform Rules”. These rules allow data to be changed before being sent to the other party.
12:17 The third tab is “Delegation Authorization Rules”. These rules allow a user to impersonate another user.
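The wizard steps from 10:12 to 11:44 can also be scripted. The following PowerShell is an added example, not part of the video or the ITFreeTraining handout: it checks name resolution and the secure connection first, then creates the trust with deny as the default. It assumes the HighCost server publishes its metadata at the default AD FS path and that the root CA certificates have already been exchanged; the notes text is made up for illustration.

```powershell
# Added example: scripted equivalent of the wizard steps above (not from the video).
# Run in an elevated PowerShell session on the ITFreeTraining AD FS server.
Import-Module ADFS

$rpHost      = 'HIADFS2012.HighCost.Local'   # relying party server named in the video
$displayName = 'ITFreeTraining to HighCostTraining Relying Party Trust'
# Assumption: the partner publishes metadata at the default AD FS path.
$metadataUrl = "https://$rpHost/FederationMetadata/2007-06/FederationMetadata.xml"

# 1. The other server's name must resolve (the 02:55 requirement).
try {
    [System.Net.Dns]::GetHostAddresses($rpHost) | Out-Null
} catch {
    throw "Cannot resolve $rpHost. Fix name resolution before creating the trust."
}

# 2. The TLS certificate must chain to a trusted root (the 03:10 error).
#    This request fails if the HighCost root CA has not been imported locally.
try {
    Invoke-WebRequest -Uri $metadataUrl -UseBasicParsing | Out-Null
} catch {
    throw "Secure connection to $rpHost failed: $($_.Exception.Message)"
}

# 3. Create the trust from the published metadata.
#    -IssuanceAuthorizationRules is deliberately omitted: the rule set stays
#    empty, so no user is permitted until rules are added (the deny default).
Add-AdfsRelyingPartyTrust -Name $displayName `
    -MetadataUrl $metadataUrl `
    -Notes 'Created from published federation metadata (constructed note text)'

# 4. Confirm the result: the trust exists and no permit rule slipped in.
$trust = Get-AdfsRelyingPartyTrust -Name $displayName
if (-not [string]::IsNullOrWhiteSpace($trust.IssuanceAuthorizationRules)) {
    Write-Warning 'Issuance authorization rules are present; the trust is not deny-by-default.'
}
$trust | Format-List Name, Identifier, Enabled, IssuanceTransformRules,
    IssuanceAuthorizationRules, DelegationAuthorizationRules
```

The final listing shows the same three rule sets that appear as tabs in the “Edit Claim Rules” dialog, so a reviewer can confirm the trust is still empty before any claims are issued.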
Description too long for YouTube. Please see the following link for the rest of the description: http://itfreetraining.com/federation#...
See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube.
AD FS Configuring a Relying Party Trust Windows Server 2012
3,559 views | 11 Likes | 11 Dislikes | Education | Published on 8 Jan 2016