SharePoint 2013 and ADFS 3.0 Lab Environment

Overview

This is the first article in our SharePoint 2013 and ADFS 3.0 Installation and Configuration series of articles.  In this article we just showcase the lab that we have setup where this series of articles was based as well as an explanation of the authentication flow associated with ADFS.

Lab Environment

  • Domain: splab.local (All machines joined to this domain)
  • Domain Controller
    • DC1.splab.local
    • Windows 2012 R2
    • ADFS 3.0 Server
    • 192.168.189.10
  • SQL Server
    • SQL1.splab.local
    • Windows 2012 R2
    • SQL 2014 Enterprise
    • 192.168.189.11
  • SharePoint Application Server
    • SP-APP-1.splab.local
    • Windows 2012 R2
    • SharePoint 2013 SP1
    • 192.168.189.15
  • SharePoint Web Front End Server
    • SP-WFE-1.splab.local
    • Windows 2012 R2
    • SharePoint 2013 SP1
    • 192.168.189.20
  • Workstation:
    • SP-Win7-01.splab.local
    • Windows 7 SP1
    • 192.168.153.100

image

Authentication Process Flow

The above image and steps below illustrate the authentication process with SharePoint functioning as the “Relying Party” and ADFS as the “Identity Provider”.

  1. User browses to the site (https://spt.splab.local )
  2. SharePoint receives the request and if more than one authentication provider is configured will present the user with a pick list (i.e. “Windows Authentication” and “ADFS”).  If the user selects the ADFS provider then SharePoint will redirect the client to https://adfs.splab.local/adfs/ls
  3. ADFS receives the request and a login form is provided to the user.
  4. ADFS authenticates the user with the appropriate identity provider (Active Directory)
  5. ADFS creates the logon token
  6. ADFS responds to the client with a token and the WS-Federation passive protocol URL for SharePoint
  7. The authenticated client presents token to WS-Federation passive protocol URL for SharePoint
Advertisements
Tagged with: , , , , , ,
Posted in ADFS, ADFS 3.0, SharePoint 2013, Windows Server 2012

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: