Configure a resource partner to use Windows trust

Applies To: Windows Server 2003 R2

Use the following procedure to enable Windows trust for a resource partner in an Active Directory Federation Services (ADFS) Federated Web SSO with Forest Trust scenario.

Note

When you enable the Windows trust option in the account Federation Service, actual security identifiers (SIDs) are packaged in the ADFS Security Assertion Markup Language (SAML) token and sent to the resource partner organization over the Internet, which may be a security risk. Therefore, enable this option only when you are using the Federated Web SSO with Forest Trust design. This design is meant to establish secure communication within the same organization.

Perform this procedure on an account federation server.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group on the local computer.

To configure a resource partner to use Windows trust

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Double-click Federation Service, double-click Trust Policy, double-click Partner Organizations, and then double-click Resource Partners.

  3. Right-click the resource partner for which you want to configure Windows trust, and then click Properties.

  4. On the General tab, click Use Windows trust relationship for this partner, and then click OK.

See Also

Concepts

Configure an account partner to use Windows trust
Discontinue Windows trust for a resource partner