Install ADFS in Server 2019 Step by step

ADFS (Active Directory Federation Services) is a single sign-on solution for users built by Microsoft. ADFS runs on Windows Server and uses claims-based authentication. AD FS addresses a variety of business scenarios where the typical authentication mechanisms used in an organization do not work.
Prerequisites:
- SSL certificate
- ADFS service account
- ADFS namespace
- SQL Database (optional)
Installation:
- Install the ADFS role from ‘Server Manager’ or using ‘PowerShell’.
- Open ADFS configuration wizard by clicking the Notification icon in ‘Server Manager -> Dashboard’.
- Connect to AD DS: Provide the credentials of a domain admin to proceed with the installation and click ‘Next’.
- Specify Service properties: Import the SSL certificate from its location and the Federation service name is populated automatically from it. Provide the display name for the sign-in page. I’m using a self-signed certificate for this demo.
- Specify Service Account: Enter an existing service account or create a new service account for ADFS.
- If you get the error ‘KDS root has not been set’, run the following command to resolve it.
- Specify database: By default, the ADFS configuration wizard installs and uses the Windows Internal Database. A SQL Server database can be used instead of the internal database.
- Review options: Review the selections and click ‘Next’.
- Pre-requisite Checks: The ADFS configuration wizard validates the pre-requisites; click ‘Configure’ once the checks have passed.
- Congratulations! ADFS is now configured.
- Verification of ADFS installation: open the following URLs in a browser.
- https://<adfs.domainname.com>/federationmetadata/2007-06/federationmetadata.xml
- https://<adfs.domainname.com>/adfs/fs/federationserverservice.asmx
- Another way to verify is to open the ‘IdpInitiatedSignon’ page in a browser. This page is disabled by default on Server 2016 and Server 2019 installations. To enable it, execute the following command in PowerShell and then browse to the page:
Set-AdfsProperties -EnableIdpInitiatedSignonPage $True
- https://<adfs.domainname.com>/adfs/ls/IdpInitiatedSignon.aspx
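As an added example (not from the original post), the verification steps above collected into one PowerShell check that runs on the ADFS server itself. The $FederationServiceName default is a placeholder to replace with the name chosen in the wizard; a TLS trust failure on the metadata endpoint (expected with the demo's self-signed certificate) is reported as a finding rather than bypassed.

```powershell
# Added verification script; runs on the ADFS server (ADFS PowerShell module present).
# $FederationServiceName is a placeholder: replace with the name chosen in the wizard.
param(
    [string]$FederationServiceName = 'adfs.domainname.com'
)

$results = [ordered]@{}

# 1. The core service. A 503 on /adfs/fs/federationserverservice.asmx is the
#    classic symptom of adfssrv being stopped or failing to start.
$svc = Get-Service -Name adfssrv -ErrorAction SilentlyContinue
$results['adfssrv running'] = [bool]($svc -and $svc.Status -eq 'Running')

# 2. Federation metadata must be served and carry the expected entityID
#    (ADFS default: http://<service name>/adfs/services/trust).
$metadataUrl = "https://$FederationServiceName/federationmetadata/2007-06/federationmetadata.xml"
try {
    $resp = Invoke-WebRequest -Uri $metadataUrl -UseBasicParsing -ErrorAction Stop
    [xml]$md = $resp.Content
    $results['metadata reachable'] = ($resp.StatusCode -eq 200)
    $results['entityID as expected'] = ($md.EntityDescriptor.entityID -eq "http://$FederationServiceName/adfs/services/trust")
} catch {
    # Untrusted certificate, DNS failure or a stopped service all land here.
    $results['metadata reachable'] = $false
    $results['entityID as expected'] = $false
    $results['metadata error'] = $_.Exception.Message
}

# 3. The SSL certificate bound to the federation service: expiry and whether
#    it is self-signed (fine for a lab, a finding for production).
$binding = Get-AdfsSslCertificate | Select-Object -First 1
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $binding.CertificateHash }
$results['ssl cert found in store'] = [bool]$cert
$results['ssl cert valid > 30 days'] = [bool]($cert -and $cert.NotAfter -gt (Get-Date).AddDays(30))
$results['ssl cert self-signed'] = [bool]($cert -and $cert.Subject -eq $cert.Issuer)

# 4. IdP-initiated sign-on page: disabled by default on 2016/2019, so report
#    its actual state rather than assuming it.
$props = Get-AdfsProperties
$results['IdpInitiatedSignon page enabled'] = [bool]$props.EnableIdpInitiatedSignonPage

[pscustomobject]$results | Format-List
```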
Hello Amar, I have followed all your steps. But verification step 2, ‘https:///adfs/fs/federationserverservice.asmx’, shows the Service Unavailable HTTP Error 503. Also, I have enabled ‘IdpInitiatedSignOn’ and I can see the page which says Sign In. But when I sign in with the domain admin account, it throws the error ‘The Webpage cannot be found’.
I checked that all the services related to ADFS are working fine. BTW, I have installed Server 2019 on an AWS VPC. Please provide any suggestions.
This was the easiest walk through yet. Well done!