Re: ADFS June 2006 Step-by-step guide
- From: Noremac <Noremac@xxxxxxxxxxxxxxxxx>
- Date: Mon, 31 Jul 2006 11:23:02 -0700
Hi Joe,
I think that would be very helpful. I have a simple web page too that spits
out Windows Identity principal so I'll take anything that I can get my hands
on to try and trouble shoot this.
I agree it was simple to setup the ADFS'd website. But I have something
wacky when anyone on the "account" domain can get to the site (without anyone
belonging to the "account" resource group).
Thanks,
Noremac
"Joe Kaplan (MVP - ADSI)" wrote:
Do you want my test page that I use? Actually creating the non-SharePoint.
token-based app in IIS is pretty trivial. You just create a web site and
configure ADFS on it in the IIS MMC.
My test page just spits out the user name and groups of the authenticated
user. It isn't much to look at, but it is helpful for debugging, since
that's the stuff you need to know. I'll put it up on my blog or something
if you are interested.
Also, enabling logging for token-based apps is sometimes helpful. The
troubleshooting section of the operations section of the ADFS TechNet docs
explains all the registry flipping you have to do to turn it on.
The other important thing is whether you are accessing the token site from
an account partner or the resource partner's own account store and how you
are doing the token mapping (user-to-user or group-based using claims and
resource groups).
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Noremac" <Noremac@xxxxxxxxxxxxxxxxx> wrote in message
news:B1305559-AB09-493C-9C42-C4E08B48A80F@xxxxxxxxxxxxxxxx
Hi Nick,
I've been on holidays and I just got your post.
I would definately like an existing sample on a non-portal token app.
I am hoping my issue relates to configuration that your instructions on
the
Windows NT token-based app will help me find.
Thanks!
"Nick Pierson [MS]" wrote:
Noremac,
Susieber alerted me to your post. I'm the author of the ADFS Step-by-Step
Guide.
Unfortunately, this guide has never been tested at Microsoft using a VM
environment. At some point I would really like to try this myself and
then
update the guide accordingly. I'm in the process of writing the
deployment
guide so I'm not exactly sure when I will be able to get to this.
I can tell you that this step-by-step guide has been thoroughly tested
using
4 computers, and that in this situation it does result in setting up a
successful ADFS test lab environment.
Since I have not personally set up the step-by-step guide using VMs, I
would
recommend that you acquire 4 computers and then follow the step-by-step
guide
from start to finish (the appendixes are not required to get a functional
demo working). Make sure to follow the IP addressing scheme and other
naming
schemes to the letter. If you don't want to go through it again, I
understand.
Also, if you are interested in setting up a non-SharePoint app for your
Windows NT token-based application, let me know. I can send you some
instructions for setting up a very simple token-based application that
has
been tested for use with our step-by-step guide.
Thanks,
Nick Pierson
Technical Writer - ADFS
Microsoft
http://blogs.technet.com/adfs_documentation/default.aspx
****This posting is provided "AS IS" with no warranties, and confers no
rights.****
- Follow-Ups:
- Re: ADFS June 2006 Step-by-step guide
- From: Joe Kaplan \(MVP - ADSI\)
- Re: ADFS June 2006 Step-by-step guide
- References:
- Re: ADFS June 2006 Step-by-step guide
- From: Joe Kaplan \(MVP - ADSI\)
- Re: ADFS June 2006 Step-by-step guide
- Prev by Date: Re: GPO Inaccessible for Windows 2003 and WSUS
- Next by Date: Re: Oh.... I'm just wondering who's seen this stumper...
- Previous by thread: Re: ADFS June 2006 Step-by-step guide
- Next by thread: Re: ADFS June 2006 Step-by-step guide
- Index(es):
Relevant Pages
|
