System Hardware Requirements
Beowulf is designed to be very lightweight. It can be deployed as a Windows Azure Web Application or on just about any Windows Server running IIS. We have tested it on a Hyper-V guest machine with only 2GB RAM and 2 virtual core CPUs, and on the smallest of the Azure VMs available. You may need more resources if you plan to run the SQL database on the same machine or if you have a lot of users who will authenticate often.
.NET Framework Requirements
The Beowulf STS is written on .NET 4.5, MVC, and Windows Identity Framework 4.5. It was designed to be run as a Windows Azure Web Application / Service, but you can run it on any Windows 2008 R2, 2012, 2012 R2, or 2016 Server with IIS and ASP.NET roles / features installed. While the Beowulf STS can run on one or more standalone servers, it is also possible to run it on the SharePoint web front-end servers.
The SharePoint components are compiled in .NET 3.5 for SharePoint 2010 and .NET 4.5 for SharePoint 2013. These are Full-trust solutions (WSP Packages) and must be installed on the SharePoint farm. The solution adds several capabilities within the Central Administration web site, and additional steps are required to configure certain admin pages and the trusted login provider. These components are not compatible with SharePoint Online; however, you can leverage the Beowulf STS against Office 365 and SharePoint Online without making use of these components.
Beowulf stores most of its configuration within SQL Server, with limited configuration in the web.config files for the web application itself. Those portions of the product which are deployed to SharePoint store their configuration settings in a SharePoint list at the root of the site collection on which the Beowulf application is deployed, or in SharePoint's configuration database.
Configuration can be managed via PowerShell commands that can run on any machine, provided the machine has Windows Management Framework 5.0 and can connect to the REST/OData Configuration Services, which run on the authentication server or on a separate server from the Beowulf Authentication Service.
You will need an SSL certificate that is valid for the fully-qualified DNS domain name of the web site that you will use to host the Security Token Service. If only internal users access the site, you can get this certificate from your Enterprise Certificate Authority. If external users will access it, then one should be obtained from a Global Certificate Authority, such as Verisign or Thawte. Beowulf can use a wildcard certificate if you have one, or you can have your provider add a Subject Alternative Name.
In addition, you will need two certificates that will be used for signing and encrypting security tokens. It is highly recommended that these should be separate and unique. Do not share them with other applications, or use a single certificate to do both signing and encryption. These certificates are only used to establish secrets between Beowulf and SharePoint (or other end-user / relying party application), so they can be issued by any CA that is trusted within your organization. They need to have at least 2048 bit keys, and there are other standards they need to follow. We can provide instructions for configuring a Windows Certificate Authority with the correct template to generate certificates of this type.
If you are federating with third-party or cloud applications, we recommend you start with certificates issued by a publicly trusted Certificate Authority such as Verisign or Comodo.
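The certificate requirements above can be checked before the STS is configured. The following PowerShell function is an added example, not part of Beowulf or its documentation; the function name, its parameters and the thumbprint placeholders are hypothetical, and it assumes Windows PowerShell with the Cert: provider and RSA keys.

```powershell
# Added example. Test-StsCertificateSet and its parameters are hypothetical names,
# not Beowulf cmdlets. Returns a list of problems; an empty result means all checks passed.
function Test-StsCertificateSet {
    param(
        [Parameter(Mandatory)] [System.Security.Cryptography.X509Certificates.X509Certificate2] $Tls,
        [Parameter(Mandatory)] [System.Security.Cryptography.X509Certificates.X509Certificate2] $Signing,
        [Parameter(Mandatory)] [System.Security.Cryptography.X509Certificates.X509Certificate2] $Encryption,
        [Parameter(Mandatory)] [string] $HostName,
        [int] $MinKeyBits = 2048
    )
    $problems = @()
    $now = Get-Date
    # Token signing and token encryption must use two different certificates.
    if ($Signing.Thumbprint -eq $Encryption.Thumbprint) {
        $problems += 'Signing and encryption use the same certificate.'
    }
    $roles = [ordered]@{ TLS = $Tls; Signing = $Signing; Encryption = $Encryption }
    foreach ($role in $roles.Keys) {
        $cert = $roles[$role]
        if (-not $cert.HasPrivateKey) { $problems += "${role}: private key is not available." }
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $problems += "${role}: certificate is outside its validity period."
        }
        if ($role -ne 'TLS') {
            # PublicKey.Key throws for key types it does not support; treat that as a failure.
            $bits = 0
            try { $bits = [int]$cert.PublicKey.Key.KeySize } catch { $bits = 0 }
            if ($bits -lt $MinKeyBits) {
                $problems += "${role}: key size ($bits) is unreadable or below $MinKeyBits bits."
            }
        }
    }
    # The TLS certificate must cover the STS host name, exactly or through a wildcard.
    $covered = $false
    foreach ($entry in $Tls.DnsNameList) {
        $name = $entry.Unicode
        if ($name -eq $HostName) { $covered = $true }
        elseif ($name.StartsWith('*.') -and $HostName.Contains('.')) {
            # A wildcard matches exactly one leftmost label.
            $parent = $HostName.Substring($HostName.IndexOf('.') + 1)
            if ($parent -eq $name.Substring(2)) { $covered = $true }
        }
    }
    if (-not $covered) { $problems += "TLS: certificate does not cover $HostName." }
    $problems
}
# Usage with placeholder thumbprints and a placeholder host name:
# $store = 'Cert:\LocalMachine\My'
# Test-StsCertificateSet -Tls (Get-Item "$store\<TLS-THUMBPRINT>") -Signing (Get-Item "$store\<SIGNING-THUMBPRINT>") `
#     -Encryption (Get-Item "$store\<ENCRYPTION-THUMBPRINT>") -HostName 'sts.example.com'
```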
Many components of Beowulf need to store certain information about the user or other transient information, such as security tokens. This information is kept in a SQL database. Beowulf can use SQL Express, SQL Azure, or any version of SQL Server 2008 or higher.
If you're deploying Beowulf in a farm configuration, we recommend that you configure IIS to store user sessions in the SQL database as well.
Mail Server Requirements
You will need an SMTP mail server in order to deliver messages for Beowulf, whether these are for password reset or multi-factor authentication purposes. Just about any SMTP server should suffice; we recommend configuring it on the local network and using SMTPS with SSL security wherever possible. Beowulf has also been tested to ensure that it can send messages using an Office 365 account using TLS.
SMS Gateway Requirements
If you want to send secrets to users' cell phones using text messages, you will need to acquire an SMS gateway service. There are many options available for doing this, and Beowulf supports a few of the major providers, including Authy. Please ask us if you need help finding an SMS gateway provider or determining whether it can be supported by Beowulf.