10.1 Prerequisites and Requirements

  • Two servers, one to host AD FS 2.0 and the other to host Access Manager.

  • AD FS 2.0 is deployed, with one of the following sample applications:

  • AD FS 2.0 with WIF is deployed.

    The test deployment created in AD FS 2.0 Federation with a Windows Identity Foundation (WIF) application http://go.microsoft.com/fwlink/?LinkId=193997 is used as the starting point for this deployment. A single Windows Server 2008 R2 instance (fsweb.contoso.com) hosts both the AD FS 2.0 federation server and a WIF sample application. It presumes the availability of a Contoso.com domain, in which fsweb.contoso.com is a member server. In the test deployments, the same computer can act as the domain controller and the federation server.

  • AD FS 2.0 with SharePoint 2010 is deployed.

    The test deployment created in Configuring SharePoint 2010 AAM applications with AD FS 2.0 http://technet.microsoft.com/en-us/library/gg295319.aspx is used as the starting point for this deployment. A single Windows Server 2008 R2 instance (fsweb.contoso.com) hosts the AD FS 2.0 federation server, and a second Windows Server 2008 R2 instance (SP2010) hosts the SharePoint 2010 application. It presumes the availability of a Contoso.com domain, in which fsweb.contoso.com is a member server. In the test deployments, the same computer can act as the domain controller and the federation server.

  • Access Manager is deployed.

    The Access Manager environment in this deployment belongs to a fictitious organization and is reached at the host name nam.example.com. Only the Identity Server component of Access Manager is required for this federation (the Administration Console is still used to configure it). For more information about installing and deploying Access Manager, refer to the Access Manager documentation http://www.novell.com/documentation/novellaccessmanager31/.

NOTE: You can download the evaluation version of Access Manager from Novell's download portal http://download.novell.com.

10.1.1 Linux Environment

  • Access Manager 3.1 SP4, 3.1 SP5, 3.2.x, or 4.0.

  • SUSE Linux Enterprise Server (SLES) 11 SP1 64-bit or a higher version.

NOTE: Access Manager supports both Windows and Linux. This section discusses only the Linux environment.

10.1.2 IP Connectivity

Ensure that the Access Manager (nam.example.com) and AD FS 2.0 (fsweb.contoso.com) systems have IP connectivity between them. The Contoso.com domain controller, if it runs on a separate computer, does not require IP connectivity to the Access Manager system. If a firewall is configured on the Access Manager system, open only the ports required for the Identity Server to communicate with the Administration Console; nothing else on the Identity Server needs to be reachable from the federation partner.

For more information about these ports, see Setting Up Firewalls in the NetIQ Access Manager 4.0 SP1 Installation Guide.

For HTTPS communication, the Access Manager Identity Server listens on TCP 8443 by default. Because the HTTP POST binding relays SAML messages through the user's browser, the browsers of federated users (not only the AD FS server) must be able to reach this port. Alternatively, you can translate the port to 443 by using iptables. See Section 1.6, Translating the Identity Server Configuration Port.

For back-channel communication between Identity Server cluster members, open two consecutive ports for the cluster, such as 7801 and 7802. The initial port (7801) is configurable. See Section 1.1.3, Configuring a Cluster with Multiple Identity Servers. These cluster ports are needed only between cluster members, not from the federation partner.

All federation servers (AD FS and Access Manager) need access to a reliable Network Time Protocol (NTP) time source.

10.1.3 Name Resolution

The hosts file on the AD FS 2.0 computer (fsweb.contoso.com) is used to configure name resolution of the partner federation server (nam.example.com) and the sample applications, because the test deployment does not rely on DNS for these names.

10.1.4 Clock Synchronization

Federation messages, such as SAML requests and assertions, are valid only for a short time to live (TTL). If the clocks of the two federation servers drift apart, valid messages are rejected as expired or not yet valid. To avoid such errors, ensure that both computers have their clocks synchronized, preferably against the same NTP source.

NOTE: For information about how to synchronize a Windows Server 2008 R2 domain controller to an Internet time server, see article 816042 in the Microsoft Knowledge Base http://go.microsoft.com/fwlink/?LinkID=60402.

On SLES 11 SP1 64-bit or a higher version, use the command sntp -P no -p pool.ntp.org to synchronize time with the Internet time server. This is a one-time adjustment; for ongoing synchronization, run the NTP daemon against the same time source that the AD FS server uses.
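The connectivity prerequisites in Section 10.1.2 and the clock-synchronization prerequisite in Section 10.1.4 can be verified from the Access Manager (SLES) host before any federation configuration is attempted. The following Bash script is an added example and is not part of the NetIQ or Microsoft documentation. It resolves the partner name, tests TCP reachability of the federation endpoint (8443 for the Identity Server, 443 for AD FS), and reads the Date header of the partner's HTTPS response to estimate clock skew without needing NTP access to the partner. The 30-second tolerance, the script name preflight.sh and the use of curl -k (the test deployments use self-signed certificates) are assumptions made for this example.

```shell
#!/usr/bin/env bash
# preflight.sh: check name resolution, TCP reachability and clock skew against a
# federation partner. Added example, not from the NetIQ or Microsoft documentation.
# Usage:  ./preflight.sh nam.example.com 8443     (run on the AD FS side)
#         ./preflight.sh fsweb.contoso.com 443    (run on the Access Manager side)
set -u

# Assumed tolerance: SAML messages are valid for only a few minutes, so keep the
# partners within 30 s of each other. This value is not taken from the documentation.
MAX_SKEW_SEC="${MAX_SKEW_SEC:-30}"

# resolve_host NAME: print the first IPv4 address NAME resolves to (hosts file or
# DNS); return 1 if it does not resolve.
resolve_host() {
    local ip
    ip=$(getent ahostsv4 "$1" 2>/dev/null | awk 'NR==1 {print $1}')
    [ -n "$ip" ] || return 1
    printf '%s\n' "$ip"
}

# tcp_open HOST PORT: return 0 if a TCP connection succeeds (3 s limit when the
# coreutils timeout command is available, otherwise the kernel's connect timeout).
tcp_open() {
    if command -v timeout >/dev/null 2>&1; then
        timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
    else
        bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
    fi
}

# http_date_to_epoch "Date: Tue, 15 Nov 1994 08:12:31 GMT": convert an HTTP Date
# header line (RFC 1123 format, optional trailing CR) to Unix epoch seconds.
http_date_to_epoch() {
    local value="${1#*: }"
    value="${value%$'\r'}"
    date -u -d "$value" +%s
}

# remote_epoch HOST PORT: epoch seconds taken from the Date header of an HTTPS
# response. -k skips certificate validation because only the clock is read here,
# never the content; do not copy that flag into anything that trusts the response.
remote_epoch() {
    local hdr
    hdr=$(curl -sk -m 5 -o /dev/null -D - "https://$1:$2/" | grep -i '^Date:' | head -n 1)
    [ -n "$hdr" ] || return 1
    http_date_to_epoch "$hdr"
}

# skew_ok LOCAL REMOTE MAX: return 0 if |LOCAL - REMOTE| <= MAX seconds.
skew_ok() {
    local diff=$(( $1 - $2 ))
    [ "${diff#-}" -le "$3" ]
}

# check_partner HOST PORT: run all checks, print one line per check, return 0
# only if every check that could be performed passed.
check_partner() {
    local host=$1 port=$2 ip remote now status=0
    if ip=$(resolve_host "$host"); then
        echo "ok   $host resolves to $ip"
    else
        echo "FAIL $host does not resolve (add it to the hosts file or DNS)"
        return 1
    fi
    if tcp_open "$host" "$port"; then
        echo "ok   $host:$port reachable"
    else
        echo "FAIL $host:$port unreachable (firewall rule or listener missing)"
        status=1
    fi
    if remote=$(remote_epoch "$host" "$port"); then
        now=$(date -u +%s)
        if skew_ok "$now" "$remote" "$MAX_SKEW_SEC"; then
            echo "ok   clock skew $((now - remote)) s (limit $MAX_SKEW_SEC s)"
        else
            echo "FAIL clock skew $((now - remote)) s exceeds $MAX_SKEW_SEC s; fix NTP before federating"
            status=1
        fi
    else
        echo "skip could not read a Date header from https://$host:$port/"
    fi
    return $status
}

if [ $# -eq 2 ]; then
    check_partner "$1" "$2"
fi
```

The skew estimate from the Date header is only second-granular and includes network latency, so treat a result near the limit as a prompt to compare against NTP directly rather than as a precise measurement. Run the script from both sides: a port that is open from the Access Manager host to AD FS says nothing about whether federated users' browsers can reach TCP 8443 on the Identity Server.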