Script to configure SharePoint to use ADFS authentication

More great tools by the ADFS team… Problems with the web.config files are one of the more common issues we see with ADFS/MOSS cases in PSS.  Now there is a script with will make the modifications for you. It is located on the SharePoint team blog and can be accessed here.

ADFS Diagnostic Tool

A huge thanks to the ADFS test team for developing such a great tool.    Here is a quick “how to”   The tool is very simple to use and provides a graphical UI. In order to perform distributed diagnosis, i.e. diagnose failures based on the configuration of multiple machines in the scenario, it’s necessary to copy the out file…


Enabling debug logging for Claims Aware Applications

  Place the following in your applications web.config file.  Place this after the </> section of the file.     <system.diagnostics>       <switches>         <add name=”WebSsoDebugLevel” value=”15″ />       </switches>       <trace autoflush=”true” indentsize=”3″>          <listeners>             <add name=”ADFSLogListener” type=”System.Web.Security.SingleSignOn.BoundedSizeLogFileTraceListener, System.Web.Security.SingleSignOn, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Custom=null” initializeData=”c:\adfs\logs\” />          </listeners>       </trace>     </system.diagnostics>

Update on configuring MOSS as a claims aware application

======================================================================================  UPDATE: I’m not going to remove this blog or the original blog on the web.config entries – but I do want to make note that these web.config files should not be modified directly anymore.  Please use the SetupSharePointADFS.vbs file to configure the MOSS applications for the SSO Provider.  The script eliminates the possiblility of…


ADFS Certificates – SSL, Token Signing, and Client Authentication Certs

  We are seeing quite a few support calls relating to certificate problems. Many of these are due to a misunderstanding of how the various certificates are used. ADFS/PKI issues are often very difficult to diagnose for the following reason – a lack of logging telling you what the problem is. For example – if…


ADFS Claims Aware Virtual Lab – now online

I recently worked with the folks that handle the virtual labs for Technet.  We corrected the certificate issues and some other minor issues.  You can access the lab here.   Event Overview: After completing this lab, you will be better able to set-up a trust relationship among business partners. You will walk-through creating, populating, and…


Configuring SQL Reporting Services to use ADFS Authentication

Special thanks to Rahul Shelar and Sachin Mundra from the ADFS and SQL teams for working with me on this latest issue.  Without their help, I would still be banging my head against the wall.  I learned quite a bit about SSRS along the way and also learned what the stupid checkbox in IIS really…


IFSEXT.DLL and the dialog box that is so very WRONG

  Ifsext.dll is the ADFS ISAPI used by the Token based Web Agent…We have seen issues before where we either need to add this manually or move it to the top of the list on the application config section of IIS. Once you go the properties of a web site, the Virtual Directory tab has…


Setting up an ADFS environment – Part 2

  This blog will build on my previous blog and walk you through the steps to getting your lab up and running. Let’s start on the Account side and install the Federation Server Service. Select add/remove programs, windows components, details of Active Directory Federated Services, then check the Federation Server checkbox Setup does a check…


Setting up an ADFS lab environment – Part 1

In this blog, I’ll go though the PKI portion of setting up Trey Research and Adatum. While you can do this a number of different ways – I always setup and use a Standalone CA instead of generating self-signed certificates. In my opinion, setting up a new CA (or making an existing lab box a…