Changes in ADFS 2.1 from ADFS 2.0

Well it has been a while since I last posted. I have been sitting on a couple things and wanted to get this information out there.

Recently I had to work on an ADFS 2.0 to 2.1 migration. There is apparently no easy, supported way to upgrade an ADFS environment to work on Windows Server 2012 with SQL Server 2012. I had to recreate all of the ADFS artifacts such as claim provider trusts, relying party trusts, attribute stores, etc. This is a little painful if you created all of these manually but is much easier if you have saved off PowerShell scripts for creating these objects.

In this post I am blogging about the changes I uncovered working with ADFS 2.1. Most of the changes to ADFS in 2.1 are relatively trivial. In my experience almost everything appears the same in the user interfaces for ADFS. Now the ADFS installation is a role rather than a separate hotfix installer and is part of the base Windows Server 2012 install.

If you have saved off any scripts or other tools for working with ADFS 2.0, you will need to update these for ADFS 2.1. Changes that will be required are:

  • The ADFS PowerShell snap-in is no longer required to be added manually. This was my experience with having the PowerShell 3.0 feature installed. So any lines such as the following can simply be removed:

Add-PSSnapin Microsoft.ADFS.PowerShell
Remove-PSSnapin Microsoft.ADFS.PowerShell

  • Also, the PowerShell 3.0 ISE tool now includes Intellisense-like support, so it is possible to enter cmdlet arguments much more easily. This is a huge help.
  • The folder of the ADFS files is now at C:\Windows\ADFS rather than C:\Program Files\Active Directory Federation Services 2.0. If you use a script to call fsconfig.exe you will need to update the script with this new path to fsconfig.exe.
  • The base class for custom claim rule policies is now in a .NET 4 assembly, so you will need to retarget every assembly that references this base class to .NET 4.0. Any project containing classes that derive from the base class in Microsoft.IdentityServer.ClaimsPolicy.dll must have its build configuration updated to .NET 4.0 or later.

Update!

I did find another change with ADFS 2.1. If you have made any customizations to the web.config file of the ADFS virtual directory, you will need to update the version details in the web.config as well as remove the reference to Microsoft.IdentityModel. What I did to update this file was to do the following find/replace tasks on the web.config:

  • Update 3.5.0.0 version details to 4.0.0.0
  • Update 6.1.0.0 version details to 6.2.0.0
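
The checks listed above can be run as a report over saved ADFS 2.0 scripts and a copy of a customized web.config before anything is changed. This is an added example, not code from the original post; the folder name `.\adfs-migration` and the function name `Find-AdfsMigrationIssue` are hypothetical, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: report-only scan for ADFS 2.0 leftovers. No file is modified.
param(
    # Assumption: folder holding saved ADFS scripts and a copy of the customized web.config
    [string]$Path = '.\adfs-migration'
)

# Regex pattern -> action, taken from the changes listed in the post
$scriptChecks = [ordered]@{
    '(Add|Remove)-PSSnapin\s+Microsoft\.ADFS\.PowerShell'      = 'Remove line: snap-in no longer has to be added manually'
    'Program Files\\Active Directory Federation Services 2\.0' = 'Update path to C:\Windows\ADFS'
}
$configChecks = [ordered]@{
    '3\.5\.0\.0'               = 'Update version details to 4.0.0.0'
    '6\.1\.0\.0'               = 'Update version details to 6.2.0.0'
    'Microsoft\.IdentityModel' = 'Review: the post says to remove the reference to Microsoft.IdentityModel'
}

function Find-AdfsMigrationIssue {
    param([string]$Root)

    $files = Get-ChildItem -Path $Root -Recurse -File -Include *.ps1, *.psm1, *.cmd, *.bat, web.config
    foreach ($file in $files) {
        # web.config gets the version checks; everything else gets the script checks
        $checks = if ($file.Name -ieq 'web.config') { $configChecks } else { $scriptChecks }
        foreach ($pattern in $checks.Keys) {
            Select-String -Path $file.FullName -Pattern $pattern | ForEach-Object {
                [pscustomobject]@{
                    File   = $file.FullName
                    Line   = $_.LineNumber
                    Text   = $_.Line.Trim()
                    Action = $checks[$pattern]
                }
            }
        }
    }
}

# One row per hit, so each change can be reviewed before editing the file by hand
Find-AdfsMigrationIssue -Root $Path |
    Sort-Object File, Line |
    Format-Table -AutoSize -Wrap
```

Reviewing each hit rather than replacing blindly matters most for web.config, where a version string can appear on a line that should not change.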

I will keep updating this page with any other changes I find with ADFS 2.1. Thanks!


  1. #1 by Stu Bonham on March 7, 2013 - 3:14 am

    Thanks for this. We are considering simplifying our ADFS setup by replacing our current 12 servers with just 4. These will be Server 2012 running ADFS 2.1, so your experience will be valuable when we implement later in the year.
