You are viewing documentation for IMS v6. If you are using Chorus, please switch to: https://www.thirdlight.com/docs/display/CDD/

Introduction

This guide is intended for Active Directory administrators who do not currently have an AD FS deployment.

If you have already deployed AD FS, then see AD FS via SAML2 for the steps to configure authentication.

This guide is based on Windows Server 2012 R2. The process should be equivalent for Windows Server 2008, 2008 R2 or 2012, but the appearance of the dialogs will vary.

Prerequisites

Prior to configuring AD FS, you will need:

  • A server running Windows Server 2008 or later, joined to your domain
  • A service user for AD FS
  • .NET Framework 3.5
  • An SQL Server instance
  • A valid, signed certificate for the domain of the AD FS 'Farm'

Configuring the Prerequisites

Creating a service user

  1. Launch Active Directory Users and Computers on a domain controller (or other system with AD management tools)
  2. Navigate to Managed Service Accounts within your domain (Administrative Tools > Active Directory Users and Computers > your.domain > Managed Service Accounts)
  3. Right click, select New -> User
  4. Enter 'AD FS Service Account' as name
  5. Enter 'adfs.svc' for user logon name
  6. Select a strong password, and make a note of it for later
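The same service user can be created from PowerShell with the ActiveDirectory module. This is an added example, not part of the original guide; the container path is derived from your domain, and the domain name and UPN suffix are whatever Get-ADDomain returns for your environment.

```powershell
# Added example (not from the guide): create the AD FS service user with the
# ActiveDirectory module instead of the ADUC wizard. Names match the guide;
# the container DN and UPN suffix are taken from the current domain.
Import-Module ActiveDirectory

$domain    = Get-ADDomain
$container = "CN=Managed Service Accounts,$($domain.DistinguishedName)"   # step 2
$samName   = 'adfs.svc'                                                    # step 5
$upn       = "$samName@$($domain.DNSRoot)"

# Refuse to continue if the logon name is already taken.
if (Get-ADUser -Filter "SamAccountName -eq '$samName'") {
    throw "A user with logon name $samName already exists"
}

# Step 6: prompt for the password rather than embedding it in the script,
# so it never lands in a file or in the PowerShell history.
$password = Read-Host -Prompt "Password for $samName" -AsSecureString

New-ADUser -Name 'AD FS Service Account' `
           -SamAccountName $samName `
           -UserPrincipalName $upn `
           -Path $container `
           -AccountPassword $password `
           -Enabled $true

# Confirm the account was created where expected.
Get-ADUser -Identity $samName |
    Select-Object Name, SamAccountName, DistinguishedName, Enabled
```

The guide says nothing about password expiry. If the domain password policy applies to this account, the AD FS service stops authenticating users when the password expires, so either exempt the account from expiry or plan a rotation that updates both the AD password and the credential stored by the AD FS service.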

Installing .NET Framework 3.5

  1. From Server Manager, select 'Add roles and features'
  2. If you see the 'Before you begin' page, click next
  3. Select Role-based or feature-based installation
  4. Select the server from the server pool
  5. Skip the Server Roles page
  6. Expand .NET Framework 3.5 Features, and select .NET Framework 3.5
  7. Finish the wizard

Preparing an SQL Server instance

This guide is based on SQL Server Express 2014.

Typically SQL Server Express will be sufficient for AD FS. It can be downloaded free from the MSDN Evaluation Center. Select 'Express with Advanced Services (SQLEXPRADV)'.

  1. Launch the Installer
  2. Select 'New SQL Server stand-alone installation or add features to an existing installation'
  3. Check Use Microsoft Update and click next
  4. You can normally leave the features and paths as defaults.
  5. Select Named instance, and enter ADFS
  6. You can normally use the default service account settings
  7. Select Windows authentication mode; under SQL Server Administrators click Add, enter adfs.svc and press Enter (to select the AD FS service account)
  8. The installation will now be performed
  9. If there were no errors, you will see the below. Click close, or go back and correct any errors raised.
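For an unattended build, the same wizard choices can be passed to the SQL Server setup executable, and the one setting that matters most for AD FS (the service account being a SQL Server administrator) can be verified afterwards. This is an added example, not part of the original guide; the installer path, the NetBIOS domain name and the presence of sqlcmd on the PATH are assumptions.

```powershell
# Added example (not from the guide): unattended SQL Server Express 2014 install
# matching the wizard choices above, then a check that the AD FS service account
# really is sysadmin on the new instance. Paths and domain name are assumptions.
$Domain         = 'EXAMPLE'                                   # assumption: NetBIOS domain
$ServiceAccount = "$Domain\adfs.svc"
$SetupExe       = 'C:\Temp\SQLEXPRADV_x64_ENU\SETUP.EXE'      # assumption: extracted installer
$InstanceName   = 'ADFS'                                      # step 5

# Wizard steps 2-7 as setup switches: new stand-alone install, engine only,
# named instance 'ADFS', Windows authentication (the default when SECURITYMODE
# is omitted) and adfs.svc as a SQL Server administrator.
$setupArgs = @(
    '/Q', '/ACTION=Install', '/FEATURES=SQLEngine',
    "/INSTANCENAME=$InstanceName",
    "/SQLSYSADMINACCOUNTS=`"$ServiceAccount`"",
    '/UpdateEnabled=True',                  # step 3: Use Microsoft Update
    '/IACCEPTSQLSERVERLICENSETERMS'
)
$proc = Start-Process -FilePath $SetupExe -ArgumentList $setupArgs -Wait -PassThru -NoNewWindow
if ($proc.ExitCode -ne 0) {
    throw "SQL Server setup failed with exit code $($proc.ExitCode); see the Summary.txt in the setup log folder"
}

# Step 8/9 equivalent: the instance service is running.
Get-Service -Name "MSSQL`$$InstanceName" | Select-Object Status, Name

# The AD FS configuration wizard later fails its prerequisite checks if the
# service account cannot create the configuration database, so confirm the
# sysadmin membership now. IS_SRVROLEMEMBER returns 1 when the login is a member.
$query  = "SET NOCOUNT ON; SELECT IS_SRVROLEMEMBER('sysadmin', '$ServiceAccount')"
$result = & sqlcmd -S ".\$InstanceName" -E -h -1 -Q $query
if (($result -join '').Trim() -ne '1') {
    throw "$ServiceAccount is not sysadmin on .\$InstanceName"
}
"$ServiceAccount is sysadmin on .\$InstanceName"
```

The sysadmin check is worth re-running from the AD FS server itself with `-S <sqlhost>\ADFS` when SQL Server lives on another machine, because that is the path the configuration wizard will use.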

Creating an SSL Certificate for AD FS

  1. Open PowerShell, type mmc and press Enter
  2. Select File -> Add/Remove Snap-in...
  3. Select Certificates, click Add, then choose Computer account
  4. Select Local computer and click Finish
  5. Click OK
  6. Right-click Certificates (Local Computer) -> Personal -> Certificates, and select Create Custom Request...
    (On a new installation, the 'Certificates' subfolder may not exist. In that case, right click 'Personal' instead.)
  7. Click next
  8. Select "(No template) Legacy key"
  9. Expand Details, and click Properties
  10. Enter a name and description for the certificate
  11. Specify the subject of the certificate. The CN (Common Name) field MUST match the URI under which you will access AD FS.
    You may choose to add one component at a time, or the entire "Distinguished Name"
  12. Select Private Key, and choose a key size of 2048. You may wish to make the private key exportable
  13. Save the request to a convenient location
  14. Send the certificate request to a certification authority (e.g. Comodo, Geotrust or Verisign)
  15. Once you have a signed certificate, right-click Certificates (Local Computer) -> Personal -> Certificates, and select Import...
  16. Click Next
  17. Browse to find the signed certificate from the certificate authority
  18. Choose the 'Personal' certificate store
  19. Confirm the details, and click Finish
  20. You should see a success message. If you get an error, check that you selected the signed certificate (not the request) and that the file is readable
  21. Select the certificate, click More Actions -> All Tasks -> Manage Private Keys...
  22. Click Add...
  23. Enter adfs.svc and click Check Names, then click OK
  24. Grant the AD FS service account full control
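The MMC steps above can be scripted with certreq and icacls, which also makes the two security-relevant choices explicit: the CN equals the Federation Service name, and only the AD FS service account is granted access to the private key. This is an added example, not part of the original guide; the Federation Service name, the organisation fields in the subject, the working directory and the domain name are assumptions.

```powershell
# Added example (not from the guide): scripted equivalent of the MMC steps above.
# Federation service name, subject fields, file paths and domain are assumptions.
$FederationServiceName = 'adfs.example.com'    # assumption: the name users will browse to
$ServiceAccount        = 'EXAMPLE\adfs.svc'    # created in the earlier step
$WorkDir               = 'C:\Temp\adfs-cert'   # assumption
New-Item -ItemType Directory -Force -Path $WorkDir | Out-Null

# Steps 8-13: a legacy (CSP) key request. CN must equal the federation service
# name; 2048-bit RSA, SHA-256, server authentication EKU, machine store,
# exportable so the same certificate can later be moved to a second farm node.
@"
[NewRequest]
Subject = "CN=$FederationServiceName, O=Example Ltd, C=GB"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
HashAlgorithm = SHA256
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
"@ | Set-Content -Path "$WorkDir\adfs.inf" -Encoding ASCII

& certreq -new "$WorkDir\adfs.inf" "$WorkDir\adfs.req"
# Step 14: submit adfs.req to your CA out of band and save the reply as adfs.cer.

# Steps 15-20: bind the CA's reply to the pending request and its private key.
& certreq -accept "$WorkDir\adfs.cer"

$cnPattern = "^CN=$([regex]::Escape($FederationServiceName))(,|$)"
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match $cnPattern -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key for CN=$FederationServiceName" }

# Steps 21-24: the 'Manage Private Keys' dialog edits the ACL on the key file
# under MachineKeys. The guide grants full control; Read is what AD FS needs to
# use the key, so (R) is granted here (use (F) to mirror the guide exactly).
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile   = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" $container
& icacls $keyFile /grant "${ServiceAccount}:(R)"
& icacls $keyFile   # print the resulting ACL for review

"Thumbprint for the AD FS configuration wizard: $($cert.Thumbprint)"
```

The `$cert.PrivateKey` path only works for legacy CSP keys, which is why the request template above uses "(No template) Legacy key" as the guide does; a CNG key would need a different lookup. If you choose not to make the key exportable, every additional farm server needs its own request and certificate.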

Installing AD FS

  1. From Server Manager, select 'Add roles and features'
  2. If you see the 'Before you begin' page, click next
  3. Select Role-based or feature-based installation
  4. Select the server from the server pool
  5. Check Active Directory Federation Services and click Next
  6. Click through the Features page
  7. Click Next
  8. Click Install
  9. Once the installation completes, click "Configure the federation service on this server"
  10. Select Create the first federation server in a federation server farm
  11. Specify an administrative account in AD
  12. Choose the AD FS SSL certificate, and (if using a wildcard or UC certificate supporting multiple names), select the preferred Federation Service Name.
    Enter a name to be displayed on the portal, and click Next
  13. Enter the username and password for the AD FS service account
    (If you followed the prerequisite installation guide, this will be <your domain>\adfs.svc)

    (At this stage, depending on your environment, you may see a warning like the following, which can safely be ignored)
  14. Choose "Specify the location of a SQL Server database" and enter the host name and instance name for the database
    (If you followed the prerequisite installation guide, this will be the local server name, and 'ADFS')
  15. Review the configuration options, and click Next
  16. When the Pre-requisite Checks run, click configure. If they fail, review the settings or correct the problem and try again.
    (If you followed the prerequisite installation guide, there should not be any issues. Otherwise, a common problem here is the service account not having the necessary database permissions.)
  17. After the installation completes, you should see a success message. Click Close to finish
  18. To test the new AD FS installation, open a browser and go to https://<your Federation Service name>/adfs/ls/idpinitiatedsignon
    You should see a screen like the below, from which you can test signing in with your domain credentials
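The role installation and farm configuration above can also be done from PowerShell, which is useful for repeatable builds and for scripting the final endpoint check. This is an added example, not part of the original guide; the Federation Service name, display name, install-media path and domain name are assumptions, and the SQL instance and service account are the ones from the prerequisite steps.

```powershell
# Added example (not from the guide): feature installation and farm
# configuration via PowerShell, mirroring the wizard steps above.
$FederationServiceName = 'adfs.example.com'            # assumption
$DisplayName           = 'Example Ltd Sign-In'         # assumption: portal display name (step 12)
$SqlServer             = "$env:COMPUTERNAME\ADFS"      # local named instance from the SQL step (step 14)
$ServiceAccount        = 'EXAMPLE\adfs.svc'            # step 13
$SxsSource             = 'D:\sources\sxs'              # assumption: Windows Server install media

# '.NET Framework 3.5' prerequisite: the payload is not staged on 2012 R2,
# so point at the install media (or omit -Source to let it use Windows Update).
Install-WindowsFeature -Name NET-Framework-Core -Source $SxsSource
# 'Active Directory Federation Services' role (steps 1-8).
Install-WindowsFeature -Name ADFS-Federation -IncludeManagementTools

# Step 12: the SSL certificate imported earlier, located by its CN.
$cnPattern = "^CN=$([regex]::Escape($FederationServiceName))(,|$)"
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match $cnPattern -and $_.HasPrivateKey } |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key for CN=$FederationServiceName" }

# Steps 13-16: service account credential and the SQL-backed configuration
# database (host name and instance name become the connection string).
$svcCred = Get-Credential -UserName $ServiceAccount -Message 'AD FS service account password'
$connStr = "Data Source=$SqlServer;Integrated Security=True"

Install-AdfsFarm `
    -CertificateThumbprint        $cert.Thumbprint `
    -FederationServiceName        $FederationServiceName `
    -FederationServiceDisplayName $DisplayName `
    -ServiceAccountCredential     $svcCred `
    -SQLConnectionString          $connStr

# Step 18: confirm the sign-on endpoint answers over HTTPS.
$url  = "https://$FederationServiceName/adfs/ls/idpinitiatedsignon"
$resp = Invoke-WebRequest -Uri $url -UseBasicParsing
"HTTP $($resp.StatusCode) from $url"
(Get-AdfsProperties).HostName
```

Run this as a domain administrator on the future federation server, after the Federation Service name resolves to that server in DNS; a failure in the final request usually means a name or certificate mismatch, not an AD FS fault. On Windows Server 2016 and later the IdP-initiated sign-on page is disabled by default, so this test needs `Set-AdfsProperties -EnableIdpInitiatedSignonPage $true` first; on the 2012 R2 this guide is written for it is enabled out of the box.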


AD FS Configuration

Now that AD FS is installed, and known to be able to authenticate users, you can proceed to configure it for use with IMS.

To continue, follow the AD FS via SAML2 guide.
