Configure an Information Card

Updated: December 18, 2009

Applies To: Active Directory Federation Services (AD FS) 2.0

Each instance of Active Directory Federation Services (AD FS) 2.0 has a corresponding Information Card that the Federation Service can be configured to issue. The initial settings for this card are configured when you first run the AD FS 2.0 Federation Configuration Wizard. You can use the following procedure to modify the Information Card configuration after initial server configuration, as necessary. These properties are typically displayed to users when they see and use the card. Therefore, you might find it helpful to update these settings from time to time as part of changes in your card branding or changes in card issuance policy.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Active Directory Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

Use the following procedure to configure the Information Card in the Federation Service for use by Windows CardSpace 1.0 clients. Certain settings must be applied to the Information Card provided by AD FS 2.0 using Windows PowerShell in order for client computers running Windows CardSpace 1.0 to be able to use the card. This includes preventing the card from using the Certificate authentication type and adding some values to the card that are required by Windows CardSpace 1.0.

To configure an Information Card for use with Windows CardSpace 1.0
  1. On a federation server, register the AD FS 2.0 snap-in using Windows PowerShell by typing get-pssnapin -registered at the Windows PowerShell command prompt, and then pressing ENTER.

  2. Add the AD FS 2.0 snap-in to the Windows PowerShell session by typing add-pssnapin microsoft.adfs.powershell, and then pressing ENTER.

  3. Disable the Certificate authentication type on the Information Card by typing set-adfsInformationcard -name defaultcardtemplate -clearsecondaryauthenticationtype -force, and then pressing ENTER.

    Note
    AD FS 2.0 requires that at least one authentication type be specified on an Information Card.

  4. Add a claim value to the Information Card by typing set-adfsinformationcard -name defaultcardtemplate -claims $claims -force, and then pressing ENTER.

  5. Add a contact name value to the Information Card by typing set-adfsinformationcard -name defaultcardtemplate -issuerinformation @{} -force, and then pressing ENTER.

  6. Set the card-signing signature algorithm to SHA1 by typing set-adfsinformationcard -CardName "Managed Information Card" -signaturealgorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1, and then pressing ENTER.

  7. You can also use the AD FS 2.0 Management snap-in to customize additional settings on the card. See the next procedure for details about how to edit the properties of the Information Card.

Use the following procedure to configure the Information Card for use by Windows CardSpace 2.0 clients. It is not necessary to use Windows PowerShell to modify settings of the default Information Card when client computers are using Windows CardSpace 2.0.

To configure an Information Card for use with Windows CardSpace 2.0
  1. Click Start, point to Administrative Tools, and then click AD FS 2.0 Management.

  2. In the console tree, under the AD FS 2.0 folder, right-click Information Card, and then click Properties.

  3. In the Information Card Properties dialog box, you can modify the following items:

    • In Information Card name, you can type a new name to rename the card. Typically, this name is displayed to users when they see and use the card.

    • In Information Card image, click Browse to browse for and locate an image file to link to this card. This file must be in a valid Windows image file format (such as .jpg or .gif) and be less than 1 megabyte (MB) in size. The recommended pixel dimension is 120x80 (width/height). This image will be associated with the card and displayed to users when they see and use the card.

    • In Privacy URL, enter the Web address or URL to a file that contains a privacy statement.

    • In Available authentication types, select the type (or types) of authentication to be allowed when users use this card. The available options are Kerberos, Certificate, or Username / Password.

  4. Click OK.
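
The image limits listed in step 3 can be checked before you browse to the file. The following Windows PowerShell function is an added example, not part of the original procedure or of AD FS 2.0; the function name Test-InformationCardImage, the sample file names, and the choice to treat any file that System.Drawing can decode as a valid image format are assumptions.

```powershell
# Added example (not AD FS code): check a candidate card image against the
# limits stated in the procedure: under 1 MB, valid image, 120x80 recommended.
Add-Type -AssemblyName System.Drawing

function Test-InformationCardImage {
    param([Parameter(Mandatory = $true)][string]$Path)

    $problems = @()   # hard limits from the page
    $advice   = @()   # the page's recommendation only
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    if ($file.Length -ge 1MB) {
        $problems += "Size is $($file.Length) bytes; must be less than 1 MB."
    }

    # Assumption: a file System.Drawing can decode is a valid image format.
    # Decoding the content catches files that only carry an image extension.
    $image = $null
    try {
        $image = [System.Drawing.Image]::FromFile($file.FullName)
        if ($image.Width -ne 120 -or $image.Height -ne 80) {
            $advice += "Dimensions are $($image.Width)x$($image.Height); 120x80 is recommended."
        }
    } catch {
        $problems += "Content could not be decoded as an image."
    } finally {
        if ($image) { $image.Dispose() }
    }

    New-Object PSObject -Property @{
        Path     = $file.FullName
        Usable   = ($problems.Count -eq 0)
        Problems = $problems
        Advice   = $advice
    }
}

# Constructed sample inputs: a 120x80 GIF and a text file named like a JPEG.
$good = Join-Path $env:TEMP 'card-sample.gif'
$bitmap = New-Object System.Drawing.Bitmap 120, 80
$bitmap.Save($good, [System.Drawing.Imaging.ImageFormat]::Gif)
$bitmap.Dispose()
$bad = Join-Path $env:TEMP 'card-sample.jpg'
Set-Content -LiteralPath $bad -Value 'not an image'

Test-InformationCardImage -Path $good
Test-InformationCardImage -Path $bad
```

Usable reflects only the size limit and the decode check; the 120x80 dimension is reported under Advice because the procedure gives it as a recommendation.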
