Overview
About this Microsoft Windows Server 2012 Training Course
This four-day instructor-led Microsoft Windows Server 2012 Training Course provides students with the knowledge and skills to install and configure Active Directory Federation Services 2.0 (AD FS). The Microsoft Windows Server 2012 Training Course focuses on terminology, user interfaces, and common configuration scenarios for AD FS. Students will learn how to design AD FS environments and supporting technology such as a Public Key Infrastructure. Students will also learn how to design AD FS for security and high availability.
Audience Profile
This Microsoft Windows Server 2012 Training Course is intended for Windows IT professionals who want to become Active Directory Federation Services (AD FS) enterprise administrators, and move into the role of designing AD FS environments.
At Microsoft Windows Server 2012 Training Course Completion
After completing this Microsoft Windows Server 2012 Training Course, students will be able to:
- Define key concepts and terminology relating to Active Directory Federation Services 2.0.
- Install and configure Windows prerequisites for AD FS 2.0.
- Install and configure Public Key Infrastructure (PKI) for AD FS 2.0.
- Deploy AD FS 2.0 to provide claims-aware authentication in a single organization.
- Configure AD FS 2.0 to provide claims-aware authentication in a business-to-business federation.
- Design and deploy advanced AD FS 2.0 scenarios, including providing for high availability and SAML interoperability.
- Use the AD FS 2.0 claims rule language to create custom claim rules.
- Troubleshoot AD FS 2.0.
Description
Module 1: Introducing Claims-based Identity
This module explains how to recognize AD FS terminology and common uses for AD FS.
Lessons
- Claims-based Identity
- The Seven Laws of Identity
- Solutions for managing identities
- Active Directory® Federation Services (AD FS)
- Terminology used when working with AD FS
- Uses for AD FS
- Common terminology
Lab : Familiarizing Yourself with the Lab Environment
- Learning Hyper-V
- Using Remote Desktop
After completing this module, students will be able to:
- Discuss and describe the Seven Laws of Identity, and how they pertain to managing identities for users and applications.
- Examine existing solutions for managing identities.
- Describe the benefits of the Claims-based Identity model.
- Discuss the evolution of Active Directory Federation Services (AD FS).
- Describe common use cases for AD FS.
- Discuss common terminology used when working with AD FS and Claims-based Identity.
Module 2: AD FS 3.0 Prerequisites
This module explains how to configure Windows prerequisites for AD FS 3.0, including Windows Server and data stores. This module also explains how AD FS 3.0 utilizes Web services to achieve interoperability.
Lessons
- Windows Prerequisites
- Introducing Directory Services
- Active Directory and Active Directory Lightweight Directory Services
- Web Services, Standards, and Interoperability
Lab : Installing Windows Prerequisites for AD FS 2.0
- Configuring DNS Forwarders
- Testing Name Resolution
After completing this module, students will be able to:
- Identify the key Windows components required for AD FS.
- Describe the characteristics of a Directory Service.
- Describe the role Active Directory and AD LDS perform in an AD FS deployment.
- Describe what is meant by the terms Web Services, WS-*, and Security Assertion Markup Language (SAML).
Module 3: Public Key Infrastructure (PKI)
This module explains how to install and configure the Public Key Infrastructure (PKI) requirements necessary to deploy AD FS 3.0.
Lessons
- Introducing the Public Key Infrastructure
- PKI Basics
- Introduction to Cryptography
- PKI Design
- Installing and Configuring Certificate Services
Lab : Installing and Configuring a Public Key Infrastructure (PKI)
- Deploying a Root CA on LON-DC1
- Deploying a Root CA on TREY-DC1
- Create Certificates for Adatum
- Preparing Certificates for AD FS at Trey Research
After completing this module, students will be able to:
- Describe the concepts of a Public Key Infrastructure (PKI).
- Define and discuss the basics of PKI.
- Describe symmetric key and public key cryptography.
- Discuss options for PKI design.
- Describe the steps needed to install and configure Certificate Services.
Module 4: AD FS 2.0 Components
This module explains how to install and configure the Windows Identity Foundation (WIF), and how to install the AD FS 3.0 service in the federation server role.
Lessons
- The AD FS Role
- Claims Types, Endpoints, and Attribute Stores
- AD FS Security
- Administering AD FS
- Windows Identity Foundation
- Web Application Proxy
Lab : Installing AD FS Server
- Installing AD FS on LON-SVR2
- Configure Adatum AD FS
- TREY-DC1 AD FS Install
- Configure Trey AD FS
After completing this module, students will be able to:
- Describe the role of the federation server in an AD FS 3.0 installation.
- Understand the importance of claims, claim types, endpoints, and attribute stores for a successful AD FS implementation.
- Discuss best practices for securing an AD FS implementation, including the role of Public Key Infrastructure (PKI) certificates in securing the authentication and communication process.
- Describe the role of the Web Application Proxy.
- Describe the methods available to administer an AD FS server.
- Understand the role of the Windows Identity Foundation (WIF) in creating claims-based applications.
Module 5: Claims-based Authentication in a Single Organization
This module explains how to design and deploy AD FS 2.0 to provide claims-based authentication within a single organization.
Lessons
- Preparing for AD FS in a Single Organization
- AD FS Within a Single Organization
- Understanding Claims and Claim Types
- Claim Rules and Claim Rule Templates
- Creating Claim Rules from Templates
- Configuring AD FS in a Single Organization
Lab: Configuring Claims-based Authentication in a Single Organization
- Create Trusts with LON-SVR2
- Configure the Adatum Test App Using FedUtil.exe
- Configure a Relying Party Trust to the Adatum Test App
After completing this module, students will be able to:
- Define the certificate requirements for AD FS in a single organization.
- Discuss PKI certificate management for AD FS.
Module 6: Claims-based Authentication in a Business-to-Business Federation
This module explains how to design and deploy AD FS 2.0 to provide claims-based authentication in a business-to-business federation scenario.
Lessons
- Deploying AD FS in a Federated Environment
- Configuring a Claims Provider Trust
- Home Realm Discovery
- Managing Claims Across Organizations
Lab: Configuring Claims-based Authentication in a Business-to-Business Federation
- Configure DNS forwarding
- Configure certificate trusts
- Add a claims provider trust
- Configure a relying party trust
After completing this module, students will be able to:
- Deploy AD FS 2.0 in a business-to-business federation.
- Configure an AD FS Claims Provider Trust.
- Describe and configure the Home Realm Discovery process.
- Manage AD FS Claims and Federation Trust relationships across organizations.
Module 7: Advanced AD FS Deployment Scenarios
This module explains how to deploy a web application proxy. It also explains how to design an AD FS deployment to create a high-availability configuration, and how to configure AD FS 3.0 to achieve interoperability with SAML 2.0-compatible products and applications.
Lessons
- Implementing the Web Application Proxy
- Planning for High Availability
- Additional AD FS Configuration Scenarios
- AD FS 2.0 and SAML Interoperability
Lab: Advanced AD FS Deployment Scenarios
- Install and Configure the AD FS Proxy
- Install and Configure an AD LDS Attribute Store
After completing this module, students will be able to:
- Configure the AD FS 2.0 server in the Federation Server Proxy role.
- Configure AD FS 2.0 for redundancy and high availability.
- Deploy AD FS 2.0 to provide interoperability with SAML 2.0-compliant federation partners.
Module 8: The AD FS Claims Rule Language
This module explains how to configure custom AD FS claim rules using the AD FS 2.0 claim rule language.
Lessons
- Claims Life Cycle and Claims Engine
- Claims Rule Language
Lab: The AD FS Claims Rule Language
- Create custom AD FS rules
Module 9: AD FS Troubleshooting
This module explains how to audit, troubleshoot, and trace AD FS 3.0 components and claims-aware applications, at both the server and client level.
Lessons
- Configuring Auditing
- AD FS Troubleshooting
- Tracing AD FS Traffic
After completing this module, students will be able to:
- Configure troubleshooting and security auditing for AD FS 2.0.
- Use built-in Windows tools to troubleshoot AD FS components and prerequisites.
- Trace AD FS Web traffic for troubleshooting and configuration purposes.
Module 10: Customizing AD FS Pages
This module explains how to customize the AD FS default web pages, using PowerShell extensions.
Lessons
- General Sign In Page
- Custom Error Messages
- Home Realm Discovery
After completing this module, students will be able to:
- Understand the configuration of AD FS without IIS.
- Modify AD FS web pages using PowerShell.
- Define claims provider options.