This section describes how to use the PowerShell script to automatically configure
Active Directory Federation Services (AD FS) 3.0 as a SAML IdP server in order to
work with TMWS.
Note: This script is supported only on Windows Server 2012, Windows Server 2012 R2,
Windows Server 2016, Windows Server 2019, and Windows Server 2022.
Procedure
- Log on to your AD FS server as an administrator, and copy or download the
  automatic AD FS configuration package to the server.
  The package contains a PowerShell script adfs.ps1 and a Service Provider Metadata file iwsspmetadata.xml.
- Extract the content of the package.
  Note: Always keep both files in the same directory.
- Launch Windows PowerShell as an administrator and wait a moment for the PS command prompt to appear.
- Navigate to the directory where the script lives.
- Run the following command to execute the script:
    .\adfs.ps1
  After the script is successfully executed,
  - A token-signing certificate is automatically exported to the same directory as the script.
  - A relying party trust file named TrendMicro IWSaaS_<timestamp> is created under . You can modify the file name as necessary from .
- Go back to the Edit AD Integration Settings screen on the TMWS management console, and select the certificate to upload it in the AD FS Identity Provider Settings section.
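
The following PowerShell is an added example, not part of the Trend Micro package or its documentation. It checks the result of the procedure above before the certificate is uploaded: both package files are present, the relying party trust exists, and the exported file matches the primary AD FS token-signing certificate. The file extensions it searches for are an assumption, since the page does not name the exported file.

```powershell
# Added example: checks to run after .\adfs.ps1 completes, in the same elevated
# session and directory. Read-only; it changes nothing in AD FS.
Import-Module ADFS
$dir = (Get-Location).Path

# 1. The script and the metadata file must be in the same directory.
foreach ($name in 'adfs.ps1', 'iwsspmetadata.xml') {
    if (-not (Test-Path -LiteralPath (Join-Path $dir $name))) {
        throw "Missing $name in $dir"
    }
}

# 2. The relying party trust the script created (name prefix from the page).
$trusts = @(Get-AdfsRelyingPartyTrust |
    Where-Object { $_.Name -like 'TrendMicro IWSaaS_*' })
if ($trusts.Count -eq 0) { throw 'No TrendMicro IWSaaS_* relying party trust found.' }
$trusts | Select-Object Name, Enabled, Identifier | Format-List

# 3. The primary token-signing certificate AD FS signs assertions with.
$primary = @(Get-AdfsCertificate -CertificateType Token-Signing |
    Where-Object { $_.IsPrimary })[0]
if (-not $primary) { throw 'No primary token-signing certificate found.' }

# 4. Compare each exported certificate file against it.
#    ASSUMPTION: the export uses a .cer, .crt or .pem extension.
$files = @(Get-ChildItem -LiteralPath $dir |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -in '.cer', '.crt', '.pem' })
if ($files.Count -eq 0) { throw "No exported certificate file found in $dir" }
foreach ($file in $files) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file.FullName
    [pscustomobject]@{
        File           = $file.Name
        Thumbprint     = $cert.Thumbprint
        MatchesPrimary = ($cert.Thumbprint -eq $primary.Thumbprint)
        HasPrivateKey  = $cert.HasPrivateKey   # must be False for a file you upload
        NotAfter       = $cert.NotAfter
    }
}
```

A row with MatchesPrimary True and HasPrivateKey False identifies the file to select in the AD FS Identity Provider Settings section.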