Welcome to our SharePoint 2013 ADFS 3.0 Installation and Configuration series of articles. This is an update to our original series that focused on ADFS 2.0. We’ve had several people request us to do go over setting up ADFS 3. There are also some things that we learned after our original series.
In our original series we looked at having a base web application with ADFS authentication and then extending the web application on a different port to allow for NTLM authentication. The idea would be that search would crawl the extended web application using NTLM authentication and then use the server remapping feature in search to remap crawled URLs. While this worked for the most part there were issues with Office Web App integration where not all URLs were properly remapped. Cases with Microsoft were opened and in the end it was decided that this was ‘by design’.
Since this didn’t produce the user experience that we wanted for our end users we went about it a different way. This article will include the ‘work around’ we used in the form of the Automatic Sign-In With Mixed Authentication solution we found as a supplemental article. A couple of the articles are recycled from the ADFS 2.0 series as they really haven’t changed other than the specifics of the lab and should be adequate to deliver the point.
This series of articles will cover our experience and hopefully provide insight to others as they embark on their own journey. Below is list of articles:
- Part 1: Lab Environment
- Part 2: Install Windows Certificate Authority
- Part 3: ADFS Prerequisites
- Part 4: How to Install and Configure ADFS 3.0
- Part 5: Configure Relying Party in ADFS 3.0
- Part 6: Configure Web Application for ADFS
- Part 7: Configure User Profile Service for ADFS
- Part 8: Validate Configuration with “Claims Viewer Web Part”
- Supplemental 1: Configure People Picker to resolve ADFS Identities
- Supplemental 2: Adding Host Name Site Collections to Existing Web Application Configured to use ADFS
- Supplemental 3: Configure Automatic Sign-In with Mixed Authentication