Configure the Federation Service default Web pages

  • Article

Applies To: Windows Server 2003 R2

When a Web resource is protected by Active Directory Federation Services (ADFS), three .aspx files specify the default Web pages that are presented before and after access to the resource:

  • clientlogon.aspx: This page is presented by the Federation Service or Federation Service Proxy for collecting credentials from the user. It may be in the form of the current Windows credentials using Windows Integrated authentication or Basic authentication, or it might provide for forms-based user name and password entry.

  • discoverclientrealm.aspx: This page is presented by the resource Federation Service or Federation Service Proxy when the realm of the client is not known.

  • signout.aspx: This page is presented by the resource Federation Service or Federation Service Proxy after the user signs out of the resource Web page.

The default location of these files on federation servers and federation server proxies is %systemdrive%\ADFS\sts\ls.

You can change the names of these files, but the location of the files must be %systemdrive%\ADFS\sts\ls or a subdirectory of this location. Use Windows Explorer to change the file names or locations, and then change their location in the Active Directory Federation Services snap-in.

Perform this procedure on a federation server or federation server proxy.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group on the local computer.

To change the Federation Service default Web pages

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Right-click Federation Service on a federation server, or Federation Service Proxy on a federation server proxy, and then click Properties.

  3. On the Web Pages tab, change the names of the files in Client logon page, Account partner discovery page, or Client logoff page, and then click OK.

  4. Validate the effect of the change by performing an action on the Web application. Verify that you receive the new logon page.

Note

In certain cases (for example, when you are using existing facilities offered by ADFS and IIS for authentication), you might additionally need to copy IIS settings related to authentication, as well as the auth directory (%systemdrive%\ADFS\sts\ls\auth*) where ADFS stores the different files that leverage IIS authentication. For example, ...\auth\integrated stores files that are used for integrated authentication using Windows credentials. Similarly, ...\auth\sslclient stores files that are used for SSL authentication.