Here’s a step-by-step guide to installing an ADFS proxy server. First, however, there are a few requirements:
- The ADFS Proxy must be able to communicate with the AD FS Server over port 443
- The ADFS Proxy must be able to resolve the federation service name, for example domain.com. Use the hosts file if you need to.
Install the ADFS proxy role
When you launch the install program, click next.
Accept the license and click next.
On the server role screen, choose federation server proxy and click next.
The wizard will automatically install the required prerequisites. Click next to begin the installation.
When the installation is complete, uncheck ‘Start the ADFS 2.0’ and click finish. This is because IIS was installed as part of the prerequisites, and we now need to use IIS to import a certificate.
Export and import a Certificate
When we installed the ADFS Server role, we requested and installed a certificate on that server. We now need to export the certificate and install it on the ADFS proxy.
First, however, we’ll export the certificate from the ADFS Server.
Exporting the certificate
On the ADFS server, run mmc.exe and add the certificates snap-in. Choose the computer account option.
Once the certificate management console is open, expand personal and choose certificates. Right click on the certificate you want to export and under all tasks, choose export.
In the certificate export Wizard, click Next on the welcome screen.
On the export private key screen, choose the option, “Yes, export the private key”. It would also work if you choose the no option.
On the export file format screen, accept the default of personal information exchange and click next.
Type a password for the private key and click next.
Choose a location to save the file and click next.
Click finish to complete the export.
Importing the certificate
Now that we have the certificate exported from the ADFS server, we just need to import it to the ADFS Proxy server.
Open IIS manager, select the server name, and click on server certificates.
In the upper right, click the import link.
Browse to the location of the .pfx file you previously exported, type the password, and click ok.
You should now see the certificate installed in IIS.
Expand the computer name in IIS, select sites and then default web site. On the right, select bindings.
In the site bindings window, click add.
Choose https in the type dropdown list and, in the SSL Certificate dropdown list, choose the certificate and click OK.
You can now configure the ADFS proxy server.
Configuring the ADFS proxy server
Launch the ADFS 2.0 federation server proxy configuration wizard.
Click next on the welcome screen.
Enter the name of the federation service and click next. Make sure the ADFS proxy can resolve this name (use the hosts file if necessary) and that it can connect to it over port 443.
You should get a dialog box which says the federation service was successfully contacted.
You may have to enter your credentials, and then the configuration should continue.
Click close to complete the configuration.
Testing the AD FS Proxy Server
At this point you can test the ADFS Proxy Server. You’ll need to make sure that your external DNS entries for your federation service name resolve to the IP address of your ADFS proxy server.
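A check for the two requirements at the top of this guide and for the certificate import, written as an added PowerShell example that is not part of the original post. It is meant to be run on the proxy; 'sts.example.com' is a placeholder for your federation service name, and the function names are made up for this example.

```powershell
# Added example, not from the original post. 'sts.example.com' is a placeholder
# for your federation service name. Uses .NET classes only, so PowerShell 2.0 works.
param([string]$FederationServiceName = 'sts.example.com')

function Get-ResolvedAddress([string]$Name) {
    # Uses the system resolver, so entries in the hosts file are honored.
    try { [System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.IPAddressToString } }
    catch { }
}

function Test-TcpPort([string]$Name, [int]$Port = 443, [int]$TimeoutMs = 5000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Name, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    }
    catch { return $false }
    finally { $client.Close() }
}

function Get-ServiceCertificate([string]$Name) {
    # Match the subject CN exactly or as a one-level wildcard (*.domain).
    # Certificates that list the name only as a SAN are not matched here.
    $wildcard = '*.' + ($Name -replace '^[^.]+\.', '')
    $cnType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $cn = $_.GetNameInfo($cnType, $false)
        ($cn -eq $Name) -or ($cn -eq $wildcard)
    }
}

$addresses = @(Get-ResolvedAddress $FederationServiceName)
$reachable = ($addresses.Count -gt 0) -and (Test-TcpPort $FederationServiceName)
$certs     = @(Get-ServiceCertificate $FederationServiceName)

"Resolves to       : " + ($addresses -join ', ')
"TCP 443 reachable : $reachable"
if ($certs.Count -eq 0) { "Certificate       : none in LocalMachine\My for $FederationServiceName" }
foreach ($c in $certs) {
    # HasPrivateKey must be True for the certificate to serve the https binding.
    "Certificate       : {0} HasPrivateKey={1} NotAfter={2:yyyy-MM-dd} Expired={3}" -f `
        $c.Thumbprint, $c.HasPrivateKey, $c.NotAfter, ($c.NotAfter -lt (Get-Date))
}
```

Once the import is confirmed, delete the exported .pfx file from wherever you saved it, since it contains the certificate's private key.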