Configure web.config to use the claims-aware Web Agent

Applies To: Windows Server 2003 R2

You can use the following procedure to configure the web.config file that your claims-aware application uses to work with the claims-aware Web Agent. When you complete the procedure, the claims-aware Web Agent will be able to:

  • Locate and collaborate with the resource federation server that is required to authenticate users to the application.

  • Identify the claims-aware application's Uniform Resource Locator (URL) that is used by the Federation Service.

  • Identify the local path to the claims application on the ADFS-enabled Web server.

  • Identify the local path to use to store log files for the application.

The changes that you make to the web.config file also tell the claims-aware application where to load the Active Directory Federation Services (ADFS) assemblies that are necessary to start the ADFS Web Agent Authentication Service.

To configure the web.config to use the claims-aware Web Agent

  1. Locate the web.config file that is used by your claims-aware application, and then open it with Notepad. This file should be located in \inetpub\wwwroot\virtualdirectory where your claims-aware application files are stored.

  2. If the following code does not exist in the web.config file, paste the code into the file:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <configSections>
        <sectionGroup name="system.web">
          <!-- Registers the handler that reads the <websso> section below. -->
          <section name="websso" type="System.Web.Security.SingleSignOn.WebSsoConfigurationHandler, System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Custom=null" />
        </sectionGroup>
      </configSections>
      <system.web>
        <compilation defaultLanguage="c#" debug="true">
          <!-- ADFS assemblies that the claims-aware application loads. -->
          <assemblies>
            <add assembly="System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Custom=null" />
            <add assembly="System.Web.Security.SingleSignOn.ClaimTransforms, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Custom=null" />
          </assemblies>
        </compilation>
        <customErrors mode="Off" />
        <authentication mode="None" />
        <httpModules>
          <!-- The claims-aware Web Agent authentication module. -->
          <add name="Identity Federation Services Application Authentication Module" type="System.Web.Security.SingleSignOn.WebSsoAuthenticationModule, System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Custom=null" />
        </httpModules>
        <!-- Web Agent settings; replace the placeholder values as described in steps 3 to 6. -->
        <websso>
          <urls>
            <returnurl>https://myapp</returnurl>
          </urls>
          <cookies writecookies="true">
            <path>/apppath</path>
            <lifetime>240</lifetime>
          </cookies>
          <fs>https://myresourcefederationserver/adfs/fs/federationserverservice.asmx</fs>
          <authenticationrequired>
          </authenticationrequired>
          <loghttpevent>1</loghttpevent>
          <auditlevel>255</auditlevel>
          <tokenCacheSize>1</tokenCacheSize>
          <tokenCacheEntryLifetime>5</tokenCacheEntryLifetime>
          <tokenCacheScavengePeriod>5</tokenCacheScavengePeriod>
        </websso>
      </system.web>
      <!-- The system.diagnostics section is optional and is used for debugging. -->
      <system.diagnostics>
        <switches>
          <add name="WebSsoDebugLevel" value="15" />
        </switches>
        <trace autoflush="true" indentsize="3">
          <listeners>
            <add name="ADFSLogListener" type="System.Web.Security.SingleSignOn.BoundedSizeLogFileTraceListener, System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Custom=null" initializeData="applogfile"/>
          </listeners>
        </trace>
      </system.diagnostics>
    </configuration>

    Note

    In the following steps of this procedure, replace the placeholder values with information that is specific to your application and your federation server.

  3. Replace myapp in <returnurl>https://myapp</returnurl> with the URL address for the claims-aware application that will be loaded. The URL value here must match the Application URL value that is specified in the properties page of the claims-aware application (which is located under Federation Service\Trust Policy\Applications in the Active Directory Federation Services snap-in) of the resource partner.

  4. Replace apppath in <path>/apppath</path> with the path of the virtual directory where you are storing the claims-aware application.

  5. Replace myresourcefederationserver in <fs>https://myresourcefederationserver/adfs/fs/federationserverservice.asmx</fs> with a valid resource federation server name.

  6. Replace applogfile in initializeData="applogfile" with the local path to the location of the application's log file.

  7. In Notepad, on the File menu, click Save.
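As an added check that is not part of the original procedure, the following Python script parses an edited web.config and reports template placeholders that were not replaced (steps 3 to 5), a missing Web Agent module registration, return or federation server URLs that are not HTTPS, and the debug-time settings (compilation debug="true", customErrors mode="Off") that the template carries. The embedded sample is a constructed, trimmed copy of the template above with its placeholders still in place.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's template trimmed to the elements the checks read.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <compilation defaultLanguage="c#" debug="true" />
    <customErrors mode="Off" />
    <httpModules>
      <add name="Identity Federation Services Application Authentication Module"
           type="System.Web.Security.SingleSignOn.WebSsoAuthenticationModule, System.Web.Security.SingleSignOn" />
    </httpModules>
    <websso>
      <urls><returnurl>https://myapp</returnurl></urls>
      <cookies writecookies="true"><path>/apppath</path><lifetime>240</lifetime></cookies>
      <fs>https://myresourcefederationserver/adfs/fs/federationserverservice.asmx</fs>
    </websso>
  </system.web>
</configuration>"""
# Placeholder names from the template; any of them left in place means a step was skipped.
PLACEHOLDERS = ("myapp", "apppath", "myresourcefederationserver", "myfederationserver", "applogfile")

def check_web_config(xml_text):
    """Return a list of findings; an empty list means the file passed every check."""
    root, findings = ET.fromstring(xml_text), []
    web = next((child for child in root if child.tag == "system.web"), None)
    if web is None:
        return ["missing <system.web> section"]
    # 1. Without the Web Agent's HTTP module nothing authenticates the request.
    module_types = [m.get("type", "") for m in web.findall("httpModules/add")]
    if not any("WebSsoAuthenticationModule" in t for t in module_types):
        findings.append("WebSsoAuthenticationModule is not registered under <httpModules>")
    # 2. Steps 3 to 5 of the procedure: every placeholder must have been replaced.
    for tag in ("urls/returnurl", "cookies/path", "fs"):
        el = web.find("websso/" + tag)
        value = (el.text or "").strip() if el is not None else ""
        if not value:
            findings.append("<%s> is missing or empty" % tag)
        elif any(p in value for p in PLACEHOLDERS):
            findings.append("<%s> still holds a template placeholder: %s" % (tag, value))
        # 3. Both URLs must be HTTPS; the security token travels through them.
        if tag != "cookies/path" and value and not value.lower().startswith("https://"):
            findings.append("<%s> is not an https:// URL: %s" % (tag, value))
    # 4. Debug-time settings that should not reach production (general ASP.NET guidance).
    comp, errs = web.find("compilation"), web.find("customErrors")
    if comp is not None and comp.get("debug", "").lower() == "true":
        findings.append('compilation debug="true" is a debugging setting')
    if errs is not None and errs.get("mode", "").lower() == "off":
        findings.append('customErrors mode="Off" shows detailed errors to remote clients')
    return findings
```

Run it against the real file with `check_web_config(open(path, encoding="utf-8").read())`; the unedited template produces five findings, and a correctly edited production file produces none.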