Federation Service Proxy

Applies To: Windows Server 2003 R2

The Federation Service Proxy is a component of Active Directory Federation Services (ADFS) in Windows Server 2003 R2 that can be installed independently from other ADFS components. The Federation Service Proxy functions as a proxy in a perimeter network (also known as a demilitarized zone, extranet, or screened subnet) for the Federation Service. The act of installing the Federation Service Proxy component on a computer makes that computer a federation server proxy. It also makes the Active Directory Federation Services Proxy snap-in available on that computer in the Administrative Tools menu.

A federation server proxy participates in the WS-Federation Passive Requestor Profile (WS-F PRP) protocol by communicating with a protected Federation Service on the client’s behalf. When the federation server proxy is protecting an account partner, it collects user credential information from browser clients. When the federation server proxy is protecting a resource partner, it relays requests by and for Web applications to the Federation Service.

The federation server proxy also stores Hypertext Transfer Protocol (HTTP) cookies on clients when necessary to facilitate single sign-on (SSO). For more information, see Cookies used by ADFS. The federation server proxy writes all three types of cookies: authentication cookies, account partner cookies, and sign-out cookies. For more information about the federation server proxy role, see ADFS server roles.