Here’s a step-by-step guide to installing an ADFS proxy server. First, however, there are a few requirements:

  • The ADFS Proxy must be able to communicate with the AD FS Server over port 443
  • The ADFS Proxy must be able to resolve the federation service name, for example Use the hosts file if you need to

Install the ADFS proxy role

When you launch the install program, click next.

adfs setup screenshot

Accept the license and click next.

adfs license agreement screenshot

On the server role screen, choose federation server proxy and click next.

adfs server role screenshot

The wizard will automatically install the required prerequisites. Click next to begin the installation.

install prerequisite software screenshot

When the installation is complete, uncheck ‘Start the ADFS 2.0’ and click finish. This is because IIS was installed as part of the prerequisites, and we now need to use IIS to import a certificate.

completed setup screenshot

Export and import a Certificate

When we installed the ADFS Server role, we requested and installed a certificate on that server. We now need to export the certificate and install it on the ADFS proxy.

First, however, we’ll export the certificate from the ADFS server.

Exporting the certificate

On the ADFS server, run mmc.exe and add the certificates snap-in. Choose the computer account option.

certificates snap in screenshot

Once the certificate management console is open, expand personal and choose certificates. Right click on the certificate you want to export and under all tasks, choose export.

export screenshot

In the certificate export Wizard, click Next on the welcome screen.

On the export private key screen, choose the option “Yes, export the private key”. It would also work if you choose the no option.

export private key screenshot

On the export file format screen, accept the default of personal information exchange and click next.

export file format screenshot

Type a password for the private key and click next.

password screenshot

Choose a location to save the file and click next.

Click finish to complete the export.

Importing the certificate

Now that we have the certificate exported from the ADFS server, we just need to import it to the ADFS Proxy server.

Open IIS manager, select the server name, and click on server certificates.

connections screenshot

In the upper right, click the import link.

import screenshot

Browse to the location of the .pfx file you previously exported, type the password, and click ok.

import certificate screenshot

You should now see the certificate installed in IIS.

server certificates screenshot

Expand the computer name in IIS, select sites and then default web site. On the right, select bindings.

default web site home screenshot

In the site bindings window, click add.

site bindings screenshot

Choose https in the type drop-down list, choose the certificate in the SSL Certificate drop-down list, and click OK.

add site bindings screenshot

You can now configure the ADFS proxy server.
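
Before launching the configuration wizard, the two requirements listed at the start (name resolution and port 443) and the certificate import can be checked from the proxy with a short script. This is an added example, not part of the original guide; sts.example.com is a placeholder for your federation service name, and the script assumes the ADFS server presents the same certificate you exported.

```powershell
# Added example (not from the original article). Run on the ADFS proxy, PowerShell 2.0 or later.
# Placeholder: replace with your own federation service name.
$FederationServiceName = 'sts.example.com'

# 1. Name resolution, via DNS or the hosts file.
try {
    $addresses = [System.Net.Dns]::GetHostAddresses($FederationServiceName)
    Write-Host "Resolved $FederationServiceName to $($addresses -join ', ')"
} catch {
    Write-Warning "Cannot resolve $FederationServiceName. Check DNS or the hosts file."
    return
}

# 2. TCP 443 plus a TLS handshake. AuthenticateAsClient throws if the proxy
#    does not trust the certificate or the name does not match it.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($FederationServiceName, 443)
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
    $ssl.AuthenticateAsClient($FederationServiceName)
    $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    Write-Host "Port 443 reachable. Server certificate: $($remote.Subject) [$($remote.Thumbprint)]"
} catch {
    Write-Warning "Connection or TLS handshake on port 443 failed: $($_.Exception.Message)"
    return
} finally {
    $client.Close()
}

# 3. The certificate imported through IIS Manager lands in LocalMachine\My.
#    Assumption: it is the same certificate the ADFS server presents.
$local = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $remote.Thumbprint } |
    Select-Object -First 1
if (-not $local) {
    Write-Warning "No certificate with thumbprint $($remote.Thumbprint) in LocalMachine\My."
} elseif (-not $local.HasPrivateKey) {
    Write-Warning "Certificate found, but without a private key; IIS cannot use it for the https binding."
} elseif ($local.NotAfter -lt (Get-Date)) {
    Write-Warning "Certificate expired on $($local.NotAfter)."
} else {
    Write-Host "Local certificate matches, has a private key, and is valid until $($local.NotAfter)."
}
```

Save it as a .ps1 file and run it from an elevated PowerShell prompt on the proxy; any warning points at the requirement to fix before running the wizard.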

Configuring the ADFS proxy server

Launch the ADFS 2.0 federation server proxy configuration wizard.

adfs proxy configuration screenshot

Click next on the welcome screen.

adfs proxy configuration welcome screenshot

Enter the name of the federation service and click next. Make sure the ADFS proxy can resolve this name (use the hosts file if necessary) and that it can connect to it over port 443.

adfs proxy configuration service name screenshot

You should get a dialog box which says the federation service was successfully contacted.

adfs proxy configuration success screenshot

You may have to enter your credentials, and then the configuration should continue.

adfs proxy configuration results screenshot

Click close to complete the configuration.

Testing the AD FS Proxy Server

At this point you can test the ADFS Proxy Server. You’ll need to make sure that your external DNS entries for your federation service name resolve to the IP address of your ADFS proxy server.

Have a question or need help? The experts at MessageOps are ready to assist you. Contact us today to learn more or find out if you qualify for free implementation or migration assistance.