Creating ADFS service principal names (SPNs)
To enable Integrated Windows Authentication (IWA) on ADFS, create service principal names (SPNs) that associate the ADFS service with a login account. An SPN lets a Kerberos client request a service ticket for ADFS by service name, so the client does not need to know the login account that runs the service.
About this task
If there are already SPNs for ADFS because IWA is already enabled, skip this procedure.
This procedure assumes that you use a single ADFS server. If you use multiple ADFS servers in a federation server farm, see the Microsoft document Manually Configure a Service Account for a Federation Server Farm.
Procedure
Example
For example, if the ADFS server is adfs01 and the Active Directory domain is us.renovations.com, use these commands to create and then verify the SPNs:
setspn -s HTTP/adfs01.us.renovations.com adfs01$
setspn -s HTTP/adfs01 adfs01$
setspn -L adfs01$
If you use an LDAP browser to view Active Directory, you see the computer ADFS01. The computer account name is ADFS01$, and the account record shows the new service principal names.
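The same registration and verification, scripted so it is safe to rerun: it skips SPNs that are already present, registers the missing ones with the duplicate-checking form of setspn, and then confirms that exactly one account holds each SPN. This is an added example, not part of the original page; it assumes setspn.exe is on the path, the caller has write access to the account, and the host, domain and account values from the page's example (change $Account to the service account if you run a federation server farm).

```powershell
# Added example: idempotent registration and verification of the ADFS SPNs.
# Assumed values are taken from the page's example (adfs01, us.renovations.com).
param(
    [string]$AdfsHost   = 'adfs01',
    [string]$DomainName = 'us.renovations.com',
    # Single server: the SPNs belong to the computer account (adfs01$).
    # Federation server farm: they belong to the farm's service account instead.
    [string]$Account    = 'adfs01$'
)

$spns = @("HTTP/$AdfsHost.$DomainName", "HTTP/$AdfsHost")

function Get-RegisteredSpns([string]$acct) {
    # setspn -L prints the account's DN followed by its SPNs, one per indented line.
    (& setspn -L $acct) | ForEach-Object { $_.Trim() } | Where-Object { $_ -like '*/*' }
}

$existing = @(Get-RegisteredSpns $Account)
foreach ($spn in $spns) {
    if ($existing -contains $spn) {
        Write-Host "Already registered: $spn"
        continue
    }
    # -S searches the forest for a duplicate before adding and refuses to create
    # a second holder of the same SPN; -A would add it without that check.
    & setspn -S $spn $Account
    if ($LASTEXITCODE -ne 0) { throw "setspn failed for $spn (exit code $LASTEXITCODE)" }
}

# Verification 1: every expected SPN is now present on the account.
$after   = @(Get-RegisteredSpns $Account)
$missing = @($spns | Where-Object { $after -notcontains $_ })
if ($missing.Count -gt 0) {
    throw "SPNs still missing on ${Account}: $($missing -join ', ')"
}

# Verification 2: no other object holds the same SPN. A duplicate makes the KDC
# unable to issue a ticket for the service, so IWA stops working for Kerberos.
# setspn -Q lists each holder's DN on a line beginning with "CN=".
foreach ($spn in $spns) {
    $holders = @((& setspn -Q $spn) | Where-Object { $_ -match '^CN=' })
    if ($holders.Count -ne 1) {
        throw "Expected exactly one holder of $spn, found $($holders.Count): $($holders -join '; ')"
    }
}
Write-Host "SPNs verified on ${Account}: $($spns -join ', ')"
```

Run it from an elevated PowerShell session on a domain-joined machine; rerunning it after the SPNs exist only reports them as already registered and repeats the checks.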