ADFS deep dive planning and design:

ADFS deep dive certificate planning:

Main Portal:

Technet videos:

Certificates requirements: Also previous: . In general a standard SSL certificate will be sufficient and you can use the same certificate for token signing and SSL communications (if acceptable by your security policy).

Certificate Requirements for Federation Server Proxies:

Federation server proxies are usually exposed to computers on the Internet that are not included in your enterprise public key infrastructure (PKI). Therefore, use a server authentication certificate that is issued by a public (third-party) certification authority (CA), for example, VeriSign or Comodo. When you have a federation server proxy farm, all federation server proxy computers must use the same server authentication certificate. It is important to verify that the subject name in the server authentication certificate matches the Federation Service name value that is specified in the AD FS 2.1 Management snap-in. To locate this value, open the snap-in, right-click Service, click Edit Federation Service Properties, and then find the value in Federation Service name text box. Note: Client authentication certificates are not required for AD FS 2.0 federation server proxies.

How to Replace the SSL, Service Communications, Token-Signing, and Token-Decrypting Certificates:


Prepare your network for federation servers:

and create A records for your AD Federation service name not CNAME !

BIG-IP hw load balancers and ADFS:

Backup ADFS:

Migrate ADFS DB to SQL:

Installation checklist :

In addition, this is an excellent article on configuring ADFS v. 2.0:


example of implementation with a cloud service:

ADFS design and deployment:

Understanding the ADFS proxy:

Planning Federation Server Proxy Placement:

Troubleshooting federation server proxy problems:

How to test if ADFS is functioning:

Guidance for Selecting and Utilizing a Federation Service Name:

Proxy Management:

Cmdlets in Windows PowerShell:

Replacing ADFS certificates:

Enable auditing of issued claims:


Other web resources about ADFS:


Use cases:

Steps by steps and use cases: