Change the Federation Service URI

Applies To: Windows Server 2003 R2

In Active Directory Federation Services (ADFS), the Federation Service Uniform Resource Identifier (URI) uniquely identifies a Federation Service. This URI also identifies the federation server farm membership of the federation server. URIs are case-sensitive.

In a federated scenario, the URI that is specified in the properties of the Trust Policy node of a Federation Service also identifies the Federation Service in the properties of the respective account or resource node in the partner organization. Therefore, if you change the URI of a partner Federation Service, you must change its value in the corresponding partner node in the trust policy of the other partner. If the partners are in separate organizations, you must communicate this change to the administrator who makes these changes.

URI values must match according to standard URI comparison rules, as described in Request for Comments (RFC) 3986, "Uniform Resource Identifier (URI): Generic Syntax" (https://go.microsoft.com/fwlink/?LinkId=65481).

Note

Changes to the Federation Service URI are received by federation servers in the Federation Service through the shared TrustPolicy.xml file. However, this change must be made manually in the corresponding Federation Service of the partner organization. During this time, users who have already signed on using the URI will have to authenticate again if they return to the same Federation Service, such as when they try to access another site. The contents of the cookie in the access token, which lasts 10 hours by default, will no longer match the Federation Service. For this reason, the user will be prompted again for credentials.

Perform the following procedure on a federation server in the Federation Service whose URI you want to change.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group on the local computer.

To change the Federation Service URI in the Trust Policy properties

  1. On the federation server whose Federation Service URI you want to change, click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Double-click Federation Service, right-click Trust Policy, and then click Properties.

  3. On the General tab, in Federation Service URI, type the new URI, and then click OK.

The URI value must also be updated in the properties of the corresponding resource or account partner node in the partner Federation Service.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group on the local computer.

To change the Federation Service URI in the account partner or resource partner properties

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Double-click Federation Service, double-click Trust Policy, double-click Partner Organizations, and then double-click Account Partners if you are logged on to the resource federation server, or double-click Resource Partners if you are logged on to the account federation server.

  3. Right-click the account or resource partner whose Federation Service URI has changed, and then click Properties.

  4. On the General tab, in Federation Service URI, type the new URI, and then click OK.

    Note

    This URI must match the URI in the trust policy of the corresponding partner organization according to standard URI comparison rules.
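A pre-change check for the matching requirement above, as an added example that is not part of the original page or of ADFS: it compares the URI you plan to type with the value the partner administrator reports and names the kind of difference. The function names and sample URIs are assumptions. The page does not say which RFC 3986 normalizations ADFS applies, so the example assumes that any result other than `identical` should be corrected before the change is made.

```python
import re
from urllib.parse import urlsplit

_UNRESERVED = re.compile(r"[A-Za-z0-9._~-]")


def _fix_escape(match):
    # RFC 3986 6.2.2.2: an escaped unreserved character is decoded.
    # RFC 3986 6.2.2.1: hex digits of the remaining escapes are uppercased.
    char = chr(int(match.group(1), 16))
    return char if _UNRESERVED.fullmatch(char) else "%" + match.group(1).upper()


def normalize(uri):
    """Case and percent-encoding normalization from RFC 3986 section 6.2.2."""
    parts = urlsplit(uri)  # urlsplit already lowercases the scheme
    userinfo, at, hostport = parts.netloc.rpartition("@")
    fix = lambda text: re.sub(r"%([0-9A-Fa-f]{2})", _fix_escape, text)
    return (parts.scheme, userinfo + at + hostport.lower(),
            fix(parts.path), fix(parts.query), fix(parts.fragment))


def diagnose(local, partner):
    """Name the kind of difference between two Federation Service URIs."""
    if local == partner:
        return "identical"
    a, b = normalize(local), normalize(partner)
    if a == b:
        # Differs only in scheme/host case or escape spelling.
        return "equivalent-but-not-identical"
    if [p.lower() for p in a] == [p.lower() for p in b]:
        # Case differs in a case-sensitive component: distinct URIs.
        return "case-mismatch"
    if a[:2] == b[:2] and a[3:] == b[3:] and a[2].rstrip("/") == b[2].rstrip("/"):
        return "trailing-slash"
    return "different"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    planned = "urn:federation:example-corp"
    for reported in ("urn:federation:example-corp",
                     "urn:federation:Example-Corp",
                     "URN:federation:example-corp"):
        print(reported, "->", diagnose(planned, reported))
```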