You can use Active Directory® Federation Services (AD FS) 2.0 with the Windows Server® 2008 operating system to build a federated identity management solution that extends distributed identification, authentication, and authorization services to Web-based applications across organization and platform boundaries. By deploying AD FS 2.0, you can extend your organization’s existing identity management capabilities to the Internet.
You can deploy AD FS 2.0 to:
- Provide your employees or customers with a Web-based, single-sign-on (SSO) experience when they need remote access to internally hosted Web sites or services.
- Provide your employees or customers with a Web-based, SSO experience when they access cross-organizational Web sites or services from within the firewalls of your network.
- Provide your employees or customers with seamless access to Web-based resources in any federation partner organization on the Internet without requiring employees or customers to log on more than once.
- Retain complete control over your employee or customer identities without using other sign-on providers (Windows Live ID, Liberty Alliance, and others).
About this guide
This guide is intended for use by system administrators and system engineers. It provides detailed guidance for deploying an AD FS 2.0 design that has been preselected by you or an infrastructure specialist or system architect in your organization.
If a design has not yet been selected, we recommend that you wait to follow the instructions in this guide until after you have reviewed the design options in the AD FS 2.0 Design Guide and you have selected the most appropriate design for your organization. For more information about using this guide with a design that has already been selected, see Implementing Your AD FS 2.0 Design Plan.
After you select your design from the design guide and gather the required information about claims, token types, attribute stores, and other items, you can use this guide to deploy your AD FS 2.0 design in your production environment. This guide provides steps for deploying either of the following primary AD FS 2.0 designs:
If a design has not yet been selected, we recommend that you wait to follow the instructions in this guide until after you have reviewed the design options in the AD FS 2.0 Design Guide and you have selected the most appropriate design for your organization. For more information about using this guide with a design that has already been selected, see Implementing Your AD FS 2.0 Design Plan.
After you select your design from the design guide and gather the required information about claims, token types, attribute stores, and other items, you can use this guide to deploy your AD FS 2.0 design in your production environment. This guide provides steps for deploying either of the following primary AD FS 2.0 designs:
- Web SSO
- Federated Web SSO
What this guide does not provide
This guide does not provide:
- Guidance regarding when and where to place federation servers, federation server proxies, or Web servers in your existing network infrastructure. For this information, see Planning Federation Server Placement and Planning Federation Server Proxy Placement in the AD FS 2.0 Design Guide.
- Guidance for using certification authorities (CAs) to set up AD FS 2.0
- Guidance for setting up or configuring specific Web-based applications
- Setup instructions that are specific to setting up a test lab environment. For more information about how to configure an AD FS 2.0 test lab environment, see AD FS 2.0 Step-by-Step and How To Guides (http://go.microsoft.com/fwlink/?LinkId=180357).
- Information about how to customize federated logon screens, web.config files, or the configuration database.
In this guide
- Planning to Deploy AD FS 2.0
- Implementing Your AD FS 2.0 Design Plan
- Checklist: Implementing a Web SSO Design
- Checklist: Implementing a Federated Web SSO Design
- Configuring Partner Organizations
- Configuring Claim Rules
- Deploying Federation Servers
More Here
Courtesy:http://technet.microsoft.com/en-us/library/adfs2-deployment-guide%28WS.10%29.aspx