Using ADFS with SharePoint

To configure Active Directory Federation Services (ADFS) to work with SharePoint follow these instructions:

I have to say that it's awesome that we can configure SharePoint to use ADFS for user authentication as eases the burden on the SharePoint users because they don't have to remember another username and password. This is especially useful, if you're using SharePoint for public-facing website. I wish it was easier to configure though. Here are a few "gotchas" that I have encountered trying to get ADFS working with SharePoint:

  • Extend your SharePoint web application to dedicate a separate section/URL for ADFS authentication
  • The configuration guides are very exact, in the sense that everything must be done exactly as it says in the guide. If you do not follow the instructions to the point or if you miss a step or two, ADFS authentication won't work and it will be nearly impossible to figure out what you did wrong. More often than not, it will be a lot easier to uninstall/reinstall ADFS and try again
  • Read your old notes on PKI and DNS, because configuring ADFS with SharePoint requires your PKI and DNS skills to be very sharp. Let's face it we tend to forget skills that we do not use on day to day basis
  • Use ADFS Diagnostics Tool, it is a very useful tool
  • Use ADFS Organizational Group Claims when assigning access permissions in SharePoint
  • To assign permissions to a specific user (instead of the assigning permissions through ADFS Organizational Group Claims), user must log in to the SharePoint first.

Good luck!