I was working with ADFS 2.0 (“Active Directory Federation Services”) for a while when this simple question crossed my mind: How can I figure out if the connection between ADFS and AD “works”? Here is a simple test…
What is ADFS?
If you need some “position of trusts” beneath the AD-boarders you choose an Active Directory Service in the world of Microsoft. They are communicating between the dispatcher (own company-AD) and receiver (another AD or a big “center” like for example the Windows Azure Access Control Service) and issues claims for the registered user. Maybe this isn’t 100% accurate and maybe my choice of words doesn’t fit 100% but that’s how I understand the system
So, how do I test the functionality of the ADFS?
The ADFS uses the IIS to host his own end points. There is also a simple Login-page that every user can use:
Afterwards a simple „Login-Page“ appears – after one click on „login“ you should see something:
If this site appears without username/Password the login works over Kerberos – otherwise you should use NTLM.
If everything goes wrong (or the configuration database is “broken”) you will receive an error message like this:
What you can test with it
With that you just make sure that the configuration/connection between ADFS and your own AD “works” – not more – but it is possible that the problems appear already at this point. If the “opposite site” woks or not is another question.
I have an ADFS proxy running – what’s next?
Basically you test the “main” ADFS first and later you have a look from a different machine which is only looking at the Proxy to make sure the Login works. Afterwards it goes on until the “customer”.
In this blogpost you will find a better description (and I think that’s also where I found the advice): How to test if ADFS in functioning
I had some problems with the ADFS which are not totally solved but I still found some links which might be helpful for someone: