November 12, 2008 21:30
I am looking for some instructions to go along with the ADFS Diagnostics tool (using this on Server 2008 and I didn't see an ADFS forum).
I think this comes down to my lack of knowledge on ADFS, but I have the situation as follows:
servera.domaina.com hosts a SharePoint site that has been extended to the extranet zone for remote access
serverb.domaina.com hosts the ADFS on the domainA side
servera.domainb.com is where I want to allow access to the extranet site
So in this scenario which would be the FS-A, FS-R, or Web Agent? Any help would be appreciated.
November 14, 2008 8:00 Moderator
For your scenario, serverb.domaina.com is FS-A; FS-R is servera.domaina.com.
In a typical transaction, an account-side FS (FS-A) retrieves user attributes from Active Directory, authenticates the user against Active Directory, generates a collection of claims for use in the access request, and issues a security token which includes the appropriate claims.
Claims are statements made about users, understood by both parties in a federation, that are used for authorization purposes in an application (e.g., if Joe is a manager, then Joe’s access request may include the “manager” claim, which results in certain access rights). Based on the type of client, the FS-A returns the security token either to the FS Proxy or to the client. A second FS at the resource (FS-R) validates the token for authenticity, then consumes the token, passing the enclosed claims to an application for use in making authorization decisions.
I also searched for the following resources about ADFS. I list them here and hope these will be helpful:
Need help Troubleshooting ADFS? Check out the ADFS Diag Tool...
Introduction to Active Directory Federation Services
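
The FS-A / FS-R flow described in the reply above, as an added example that is not part of the original thread and is not ADFS code. Assumptions: a shared HMAC key stands in for the token-signing trust between the two federation servers, the JSON token layout is invented for illustration, and the directory, identifiers and function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data: a stand-in directory and a shared key that replaces
# the token-signing trust between the two federation servers (assumption).
TRUST_KEY = b"constructed-demo-key"
DIRECTORY = {"joe": {"password": "pw-joe", "groups": ["manager"]}}
FS_A = "urn:example:fs-a"   # hypothetical account-side identifier
FS_R = "urn:example:fs-r"   # hypothetical resource-side identifier


def _sign(body: bytes) -> str:
    return hmac.new(TRUST_KEY, body, hashlib.sha256).hexdigest()


def fs_a_issue(user, password, now=None, lifetime=300):
    """Account side: authenticate, collect claims, issue a signed token."""
    entry = DIRECTORY.get(user)
    if entry is None or not hmac.compare_digest(
            entry["password"].encode(), password.encode()):
        return None
    now = time.time() if now is None else now
    body = json.dumps({"iss": FS_A, "aud": FS_R, "sub": user,
                       "claims": entry["groups"], "exp": now + lifetime},
                      sort_keys=True).encode()
    return base64.b64encode(body).decode() + "." + _sign(body)


def fs_r_validate(token, now=None):
    """Resource side: verify authenticity, then hand the claims to the app."""
    try:
        encoded, sig = token.rsplit(".", 1)
        body = base64.b64decode(encoded, validate=True)
    except (ValueError, AttributeError):
        return None  # malformed token
    if not hmac.compare_digest(_sign(body).encode(), sig.encode()):
        return None  # tampered with, or not signed by the trusted partner
    data = json.loads(body)
    now = time.time() if now is None else now
    if data["iss"] != FS_A or data["aud"] != FS_R or data["exp"] < now:
        return None  # wrong issuer, wrong audience, or expired
    return data["claims"]


def app_authorize(claims, required="manager"):
    """Application: authorization decision based only on validated claims."""
    return claims is not None and required in claims
```

The application never sees the directory or the password; it decides only on claims that FS-R has already validated, so a token whose claims were edited in transit is rejected before authorization runs.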
November 14, 2008 8:16
Thanks.