Add a Claims Provider Trust

Applies To: Active Directory Federation Services (AD FS) 2.0

You can use the Add Claims Provider Trust Wizard in Active Directory Federation Services (AD FS) 2.0 to add a new claims provider trust and configure a new claims provider.

To add a new claims provider trust

  1. Click Start, point to Programs, point to Administrative Tools, and then click AD FS 2.0.

  2. Under AD FS 2.0\Trust Relationships, right-click the Claims Provider Trusts folder, and then click Add Claims Provider Trust to open the Add Claims Provider Trust Wizard.

  3. On the Welcome page, click Start.

  4. On the Select Data Source page, click Enter claims provider trust data manually, and then click Next.

Note

The Select Data Source page provides three options for entering the data about the claims provider. If the claims provider publishes its federation metadata or can provide a file copy of it to its partners, we recommend the automatic retrieval method. It can save time, and it allows you to skip most of the remaining steps in this procedure. The third option is to enter all the configuration data for the new claims provider trust manually, as described in steps 5 through 9.

  5. On the Specify Display Name page, type a name in Display name. Click Next after you enter the description details.

    You have the option, but you are not required, to enter details of your choosing in the Notes text box.

  6. On the Choose Profile page, select the appropriate profile for your needs, and then click Next.

    If you know you will require interoperability with federation servers running an earlier version of AD FS, such as provided in Windows Server 2003 R2, click AD FS 1.0 and 1.1 profile. Otherwise, click AD FS 2.0 profile.

  7. On the Configure URL page, select the appropriate check box and enter the URL as appropriate for the WS-Federation Passive protocol-based or Security Assertion Markup Language (SAML) 2.0 WebSSO protocol-based endpoint, and then click Next.

  8. On the Configure Identifier page, specify the identifier (a valid URI) for this claims provider trust relationship, and then click Next.

  9. On the Configure Certificates page, click Add to browse to and locate a certificate file and add it to the list of certificates, and then click Next.

Note

You must specify a valid certificate here to complete this procedure. The certificate must also be unique across all claims provider trusts in the AD FS 2.0 configuration.

  10. On the Ready to Add Trust page, click the tabs to review your proposed settings. Click Next if you are satisfied with the results and are ready to save your claims provider trust.

  11. On the Finish page, click Close.
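
The following is an added example, not part of the original procedure: a Windows PowerShell sketch of the manual-entry path that checks the certificate and identifier requirements stated above before it creates the trust. The display name, identifier, endpoint URL, certificate path, and notes text are placeholder assumptions, and checking the certificate's validity period is one interpretation of "valid certificate".

```powershell
# Added example: scripted equivalent of entering claims provider trust data manually.
# Run on the AD FS 2.0 federation server. All values below are placeholders.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop

$displayName = 'Example Claims Provider'                        # placeholder
$identifier  = 'https://sts.partner.example/adfs/services/trust' # placeholder
$wsFedUrl    = 'https://sts.partner.example/adfs/ls/'            # placeholder
$certPath    = 'C:\certs\partner-token-signing.cer'              # placeholder

# The identifier must be a valid (absolute) URI.
$parsed = $null
if (-not [Uri]::TryCreate($identifier, [UriKind]::Absolute, [ref]$parsed)) {
    throw "Identifier '$identifier' is not a valid absolute URI."
}

# Load the partner's token-signing certificate from the file (public key only).
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath

# Requirement 1 (assumed meaning of "valid"): inside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $($cert.Thumbprint) is outside its validity period."
}

# Requirement 2: unique across all existing claims provider trusts.
$clash = Get-ADFSClaimsProviderTrust | Where-Object {
    $_.TokenSigningCertificates |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
}
if ($clash) {
    $names = ($clash | ForEach-Object { $_.Name }) -join ', '
    throw "Certificate $($cert.Thumbprint) is already used by: $names"
}

# Create the trust with a WS-Federation Passive endpoint.
Add-ADFSClaimsProviderTrust -Name $displayName `
    -Identifier $identifier `
    -TokenSigningCertificate $cert `
    -WSFedEndpoint $wsFedUrl `
    -Notes 'Created by script; certificate checked for validity and uniqueness.'

# Review the saved settings, as on the Ready to Add Trust page.
Get-ADFSClaimsProviderTrust -Name $displayName | Format-List *
```

Confirm the certificate thumbprint with the partner through a separate channel before you run the script, because the trust accepts tokens signed with whatever certificate is supplied here.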