Although aged the ADFS Overview provides some key information for anyone looking to pass an older Office 365 Infrastructure exam.
ADFS was first introduced in Windows Server 2003 R2 Enterprise Edition – This uses ADFS V1
ADFS (V2) requires you to be running Windows Server 2008 SP2 or Windows Server 2008 R2; as a result, ADFS 2.0 does not require a particular operating system level, domain functional level, or forest functional level for the AD Domain Controllers used for authentication.
Federation service components consist of –
- Federation Server (FS)
- The Federation Server Proxy (FSP)
- The AD FS web agent (AD FS V1 only)
In this ADFS Overview we will now look at the various networking requirements of it’s function.
TCP/IP Connectivity –
FS in ADFS do not need to talk directly to each other for applications using the passive requester profile it will communicate directly when using WS-trust and during metadata exchange.
ADFS and DNS –
Federation Service Proxy (FSP) servers should use the same host name as the federation server they are protecting.
Depending on the solution required, a split DNS configuration may be necessitated.
ADFS requires the deployment of a solid TCP/IP network and DNS name resolution for a successful implementation.
Directory Services and AD FS
AD FS is a technology that allows one location, company, and party holding user accounts to project these identities to another party that hosts resources.
To do this, authentication is required somewhere along the line, ADFS can use AD and ADLDS to accomplish this.
ADFS uses Kerberos to authenticate with AD, and an LDAP call when communicating with AD’s younger brother, ADLDS, it can be secured with an SSL but is not required.
In both versions of ADFS (v1 and v2), Federation servers must be joined to an AD domain, however a Federation Server Proxy (FSP) does not need to be joined to a domain.
It is recommended to be used on a workgroup for best practice.