Export (0) Print
Expand All
Expand Minimize

Configure a resource partner to use Windows trust

Updated: September 13, 2007

Applies To: Windows Server 2003 R2

Use the following procedure to enable Windows trust for a resource partner in an Active Directory Federation Services (ADFS) Federated Web SSO with Forest Trust scenario.

When you enable the Windows trust option in the account Federation Service, you are sending actual security identifiers (SIDs) to the resource partner organization over the Internet, which may be a security risk. These SIDs are packaged in the ADFS Security Assertion Markup Language (SAML) token. Therefore, enable this option only when you are using the Federated Web SSO with Forest Trust design. This design is meant to establish secure communication within the same organization.

Perform this procedure on an account federation server.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group on the local computer.

To configure a resource partner to use Windows trust

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Double-click Federation Service, double-click Trust Policy, double-click Partner Organizations, and then double-click Resource Partners.

  3. Right-click the resource partner for which you want to configure Windows trust, and then click Properties.

  4. On the General tab, click Use Windows trust relationship for this partner, and then click OK.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft