I encountered many problems when installing ADFS, and no answers could be found on the Internet. After two weeks of continuous thinking, we finally solved all the problems perfectly, and all the ADFS servers are built.
ADFS 2.0 is a solution for verifying users' domain accounts from outside the enterprise. It has two parts: the ADFS Server and the ADFS Proxy. The ADFS Server must be a server in the domain. The ADFS Proxy can be installed on either a domain server or a non-domain server, but the correct method is to use a non-domain server. Because the ADFS Proxy is designed to face the Internet directly, the machine it runs on should not also be a member of the domain. Therefore, the server where the ADFS Proxy is located must be a non-domain server.
Create an external certificate. For example, if your company name is abc and your ADFS Proxy domain name is proxy.abc.com, create a certificate named proxy.abc.com and obtain a valid signature for it.
Install ADFS Server
You can get the adfssetupr2.exe installation package from the official Microsoft website. Install it on a server that has been joined to the domain. During installation, specify the certificate created earlier. Everything else can be installed with the default settings.
Then configure a relying party with this parameter: https://proxy.abc.com/FederationMetadata/2007-06/FederationMetadata.xml
Install ADFS Proxy
Use the same installation package to install the proxy on a non-domain server. This server is bound to an external IP address, which corresponds to the domain name proxy.abc.com. Then specify the ADFS Server that the proxy points to, as https://<adfs server internal host name>.
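As an added example (not part of the original post and not Microsoft tooling), the PowerShell function below checks on each machine the requirements stated above: domain membership per role, a usable certificate for proxy.abc.com, and a metadata URL that answers. The function name Test-AdfsHost, its parameters and the LocalMachine\My store location are assumptions made for illustration.

```powershell
# Added example. Test-AdfsHost, -Role and the LocalMachine\My location are assumed names.
function Test-AdfsHost {
    param(
        [Parameter(Mandatory = $true)][ValidateSet('Server', 'Proxy')][string]$Role,
        [string]$FederationName = 'proxy.abc.com'   # example name used on this page
    )
    $findings = @()

    # The ADFS Server must be domain-joined; the Internet-facing ADFS Proxy must not be.
    $joined = (Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain
    if ($Role -eq 'Server' -and -not $joined) {
        $findings += 'ADFS Server is not a domain member.'
    }
    if ($Role -eq 'Proxy' -and $joined) {
        $findings += 'ADFS Proxy is domain-joined although it faces the Internet.'
    }

    # A certificate named after the federation host must be present, usable and trusted.
    $dns = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
    $now = Get-Date
    $certs = @(Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.GetNameInfo($dns, $false) -eq $FederationName })
    if ($certs.Count -eq 0) {
        $findings += "No certificate for $FederationName in LocalMachine\My."
    }
    foreach ($c in $certs) {
        if (-not $c.HasPrivateKey) {
            $findings += "Certificate $($c.Thumbprint) has no private key."
        }
        if ($c.NotBefore -gt $now -or $c.NotAfter -lt $now) {
            $findings += "Certificate $($c.Thumbprint) is outside its validity period."
        }
        # Verify() builds the chain with default policy; an unsigned or untrusted cert fails.
        if (-not $c.Verify()) {
            $findings += "Certificate $($c.Thumbprint) does not chain to a trusted root."
        }
    }

    # The metadata URL used for the relying party should return parseable XML over HTTPS.
    $url = "https://$FederationName/FederationMetadata/2007-06/FederationMetadata.xml"
    try {
        $raw = (New-Object System.Net.WebClient).DownloadString($url)   # works on PowerShell 2.0
        $xml = [xml]$raw
        if (-not $xml.EntityDescriptor.entityID) { $findings += "No entityID in metadata at $url." }
    } catch {
        $findings += "Metadata not retrievable from ${url}: $($_.Exception.Message)"
    }
    $findings   # no output means every check passed
}
```

Run `Test-AdfsHost -Role Server` on the ADFS Server and `Test-AdfsHost -Role Proxy` on the proxy; each returned string is one requirement that is not met.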
When uninstalling, in addition to running the ADFS uninstall program, you must also delete the adfs IIS directory on the ADFS Server.