Enable SAML

  1. Log in to the Windows server over Remote Desktop as follows.
  2. Go to the EC2 console, select the Windows instance (named LF-ADFS-Windows2019-Server) and click the Connect button. Wait for the instance to finish initializing; you can verify this under the Status Checks column.
  3. Click the Download Remote Desktop File button to download the RDP file, then close the window.
  4. Double-click the RDP file you downloaded (Mac users: if you don't already have it, install the Microsoft Remote Desktop application from the App Store by searching for "Microsoft Remote Desktop"). In the dialog that appears, click Continue and enter the password Password1! for the Administrator user.
  5. Once you are logged in to the Windows Server, open a PowerShell window by clicking the Windows Start button and selecting PowerShell.
  6. Copy and execute the following command to upload the AD FS metadata XML file to the S3 bucket (this metadata file contains the public key of the self-signed signing certificate, the AD FS endpoint details, and so on). Make sure to replace account-id with your AWS account ID; use a text editor to make this change before running the command.
    Write-S3Object -BucketName lf-workshop-account-id -File C:\Users\Administrator\Downloads\WindowsFederationMetadata.xml -Key metadata/WindowsFederationMetadata.xml
  7. In the previous step you uploaded the AD FS metadata file (WindowsFederationMetadata.xml) to the S3 bucket; you can verify this in the S3 console inside the bucket lf-workshop-account-id, under the metadata folder. Download this file to your local computer: you will need it to create the SAML provider in AWS in the next chapter.
  8. Add the lfemr.hadoop.com hostname with the Windows Server's public IP to your local computer's hosts file (/etc/hosts).
    Note: make sure you do this on your local laptop/computer, not on the Windows Server you connected to.
    You can find the public IP of the Windows server in the Outputs of the CloudFormation template Lake-Formation-EMR-WindowsADFS, under DomainControllerPublicIP.
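Before the downloaded WindowsFederationMetadata.xml is registered as a SAML provider in the next chapter, it is worth confirming what the file actually declares, since AWS will trust whatever entityID, signing certificate and endpoints it contains. The following Python example is added here and is not part of the workshop: it parses a constructed metadata sample in the shape AD FS emits, extracts the entityID, the SHA-256 fingerprint of the signing certificate and the SSO endpoint, and flags metadata whose endpoints are not HTTPS on the expected host (lfemr.hadoop.com from step 8). The certificate bytes in the sample are a placeholder, not a real key.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample shaped like AD FS output; the certificate bytes are a placeholder, not a real key.
SAMPLE_METADATA = b"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="http://lfemr.hadoop.com/adfs/services/trust">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>%s</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://lfemr.hadoop.com/adfs/ls/"/>
 </IDPSSODescriptor>
</EntityDescriptor>""" % base64.b64encode(b"PLACEHOLDER-DER-CERTIFICATE-BYTES")


def parse_idp_metadata(xml_bytes):
    """Return entityID, SSO endpoints and SHA-256 fingerprints of the signing certificates."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor: %s" % root.tag)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")
    cert_path = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    fingerprints = []
    for cert in idp.findall(cert_path, NS):
        der = base64.b64decode("".join(cert.text.split()))  # strip line wrapping before decoding
        fingerprints.append(hashlib.sha256(der).hexdigest())
    endpoints = {s.get("Binding"): s.get("Location")
                 for s in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"), "sso": endpoints, "signing_sha256": fingerprints}


def check_idp_metadata(info, expected_host):
    """List reasons not to register this metadata: wrong host, plaintext endpoints, no signing key."""
    problems = []
    if urlparse(info["entity_id"]).hostname != expected_host:
        problems.append("entityID host is not %s" % expected_host)
    for binding, location in info["sso"].items():
        url = urlparse(location)
        if url.scheme != "https" or url.hostname != expected_host:
            problems.append("SSO endpoint %s is not https on %s: %s" % (binding, expected_host, location))
    if not info["signing_sha256"]:
        problems.append("no signing certificate: assertions could not be verified")
    return problems
```

Run it against the real file with `parse_idp_metadata(open("WindowsFederationMetadata.xml", "rb").read())` and compare the printed fingerprint with the certificate shown in the AD FS management console before creating the provider.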