Illustrating A Federal Web SSO Design You have been ask to consult a publishing
ID: 3814622 • Letter: I
Question
Illustrating A Federal Web SSO Design You have been ask to consult a publishing company to come up with an AD FS design. The publishing company , webBooks, wants its largest business partners , several booksellers to be able to access purchasing and inventory web applications running on the webBooks web server. WebBooks has a Windows server 2012 R2 network with active directory. It has a web server that’s publicly accessible through the perimeter network(DMZ) and plans to add a web server to host the purchasing and inventory web application. The application are directory enabled. Develop an AD FS design with an accompanying diagram, that webBooks can use to archives It’s goal of giving business partner single sign on access to its web based applications. For simplicity , include only one partner bookseller . You should include the following items in your design: A diagram , with the account partner and resource partner Labeled , showing servers and servers roles to run at both webBooks and the bookseller location. An explanation of the role of each server plus in the proces. A description of how authentication and authorization to web applications take place.
Explanation / Answer
Install the net Agent for Claims aware applications.
Download and installation the new restoration for ADFS described in the role issuer and the membership issuer can not be known as from home windows SharePoint offerings three.Zero on a windows Server 2003 R2-primarily based computer this is jogging ADFS and Microsoft windows SharePoint offerings 3.Zero (http http://pass.Microsoft.Com/fwlink/?LinkId=145397). This warm repair will be blanketed in home windows Server 2003 provider percent 2 (SP2).
Installation workplace SharePoint Server 2007, configure all of the services and servers in the farm, after which create a brand new web application. By default, this web utility may be configured to apply windows authentication, and it is going to be the access point via which your intranet customers will get admission to the website. In the example utilized in this newsletter, the website is named http://trey-moss.
Make bigger the web utility which you created in step 2 in any other zone. At the application management page inside the SharePoint critical administration web site, click Create or extend net software, click on make bigger an present web software, and then do the subsequent:
upload a number header. This is the DNS name via which the web site will be acknowledged to customers in the extranet. In this example, the call is extranet.Treyresearch.Net.
Alternate the zone to Extranet.
Deliver the web site a host header name that you may configure in DNS in your extranet users to remedy against.
Click Use comfy Sockets Layer (SSL), and change the port variety to 443. ADFS calls for that sites be configured to apply SSL.
Within the Load Balanced URL field, delete the textual content string :443. Net facts offerings (IIS) will robotically use port 443 due to the fact you specified the port range inside the preceding step.
Entire the relaxation of the steps at the page to complete extending the net utility.
At the exchange get right of entry to Mappings (AAM) page, affirm that the URLs resemble the subsequent desk.
Internal URL
quarter
Public URL for quarter
http://trey-moss
Default
http://trey-moss
https://extranet.Treyresearch.Net
Extranet
https://extranet.Treyresearch.Net
upload an SSL certificates to the Extranet web web site in IIS. Ensure that this SSL certificate is issued to extranet.Treyresearch.Internet, because this is the name that customers will use once they get right of entry to the web sites.
Configure the Authentication company for the extranet sector on your web utility to use net SSO by way of doing the subsequent:
at the utility management web page of your farm’s primary administration web site, click Authentication providers.
Click alternate in the top-right corner of the web page, and then pick out the internet utility on that you want to enable internet SSO.
In the list of two zones which can be mapped for this net application (each of which have to say windows), click the home windows link for the Extranet region