Understanding ADFS and Federation by an example:
Comparing SAML, WS-FED and OAuth: https://blogs.technet.microsoft.com/askpfeplat/2014/11/02/adfs-deep-dive-comparing-ws-fed-saml-and-oauth/
ADFS 3.0:
First impressions: http://blog.auth360.net/2013/09/13/first-impressions-ad-fs-and-windows-server-2012-r2-part-i/
ADFS overview: http://technet.microsoft.com/en-us/library/hh831502.aspx
Technet videos: http://technet.microsoft.com/en-us/video/ff701694
ADFS how-to for Office 365: http://goodworkaround.com/node/53
Replacing ADFS certificates: http://jorgequestforknowledge.wordpress.com/2013/05/15/replacing-adfs-certificates/
Enable auditing of issued claims: http://jorgequestforknowledge.wordpress.com/2013/07/08/enabling-auditing-of-issued-claims-in-adfs-v2-x-and-adfs-v3-x/
WAP (Web application proxy):
- YouTube: Installing WAP for ADFS proxy: https://www.youtube.com/watch?v=n6dF_8ZsZFI
- Working with WAP: https://technet.microsoft.com/en-us/library/dn584113.aspx
- http://technet.microsoft.com/en-us/library/dn584113.aspx
- http://technet.microsoft.com/en-us/library/dn383648.aspx
WAP deployment using PowerShell: http://blog.kloud.com.au/2013/08/14/powershell-deployment-of-web-application-proxy-and-adfs-in-under-10-minutes/
Upgrading from ADFS 2.x to 3.0:
- Web reference: http://technet.microsoft.com/en-us/library/dn486815.aspx
- Migrating ADFS Proxy: https://technet.microsoft.com/en-us/library/dn486800.aspx
- Migrating ADFS server: https://technet.microsoft.com/en-us/library/dn486800.aspx
- Customizing the ADFS 3.0 Sign-in page:
- https://technet.microsoft.com/en-us/library/dn280950.aspx
- https://blogs.msdn.microsoft.com/sakamati/2015/06/22/customizing-adfs-3-0-sign-in-page/
- https://deploywindows.info/2015/05/05/customize-your-adfs-login-page/
- https://github.com/biola/adfs_theme
- https://mwaler.wordpress.com/2014/05/28/customizing-your-adfs3-login-page/
- Upgrading – other articles:
- http://blogs.technet.com/b/askpfeplat/archive/2014/03/31/how-to-build-your-adfs-lab-part4-upgrading-to-server-2012-r2.aspx
- http://jackstromberg.com/2013/12/tutorial-upgrading-from-adfs-2-0-server-2008-r2-to-adfs-3-server-2012-r2/
- http://jorgequestforknowledge.wordpress.com/2014/03/12/additional-powershell-scripts-for-migrating-adfs-v2-x-to-adfs-v3-0/
Principle:
- We cannot upgrade a 2012 ADFS Proxy to a 2012 R2 ADFS Proxy
- We cannot mix a 2012 ADFS Proxy with internal ADFS servers on 2012 R2
For proxies:
- Add a new WAP proxy server box (2012 R2) in the DMZ zone
For internal ADFS servers:
- Add a new 2012 R2 box in the same zone as the internal ADFS servers
- Migrate the WID DB from the existing internal ADFS servers to the new 2012 R2 box
Swap:
- The DNS VIP of the HWLB in front of the ADFS proxies (exposed to the internet) for adfs.mydomain.com will not change
- The DNS VIP of the HWLB in front of the internal ADFS servers for adfs.mydomain.com will not change
But you need to add:
- The new WAP IP addresses on the HWLB device for the ADFS-Proxy pool
- The new ADFS 2012 R2 IP addresses on the HWLB device for the ADFS-Internal pool