Install the Federation Service component of ADFS

Applies To: Windows Server 2003 R2

Now that you have properly configured a computer with the prerequisite applications and certificates, you are ready to install the Federation Service component of Active Directory Federation Services (ADFS). When you install the Federation Service on a computer, that computer becomes a federation server.

Note

For the Federated Web Single-Sign-On (SSO) and Federated Web SSO with Forest Trust scenarios, you must have at least one federation server in the account partner organization and at least one federation server in the resource partner organization. For more information, see Where to place a federation server.

You can use the following procedure to install the Federation Service component of ADFS on a computer that will become the first federation server or on a computer that will become a federation server for an existing federation server farm.

Prerequisites

If you will be using a token-signing certificate that is issued by a certification authority (CA), verify that a token-signing certificate with the private key has already been installed or imported into the local certificate store (Personal store) before you start this procedure. As an alternative, you can create a self-signed, token-signing certificate using the Windows Components Wizard, as described in this procedure. For more information about token-signing certificates, see Certificate requirements for federation servers.

If you are adding this new federation server to an existing federation server farm, make sure that the trust policy file is available on the network with the appropriate permissions before starting this procedure. For more information, see When to create a federation server farm.
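A pre-installation check for the two prerequisites above, as an added example that is not part of the original documentation: it lists certificates with a private key in the local computer's Personal store and shows the file-system permissions on the shared trust policy file. It assumes Windows PowerShell is installed on the server; the function names, the UNC path, and the list of broad groups flagged for review are hypothetical.

```powershell
# Added example: pre-installation checks for the prerequisites above.
# Assumption: Windows PowerShell is installed on this server.

function Get-TokenSigningCandidate {
    # Certificates in the local computer's Personal store that carry a
    # private key. The validity-period test is a general sanity check and
    # does not prove that a certificate is suitable for token signing.
    $now = Get-Date
    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now
    } | Select-Object Subject, Thumbprint, NotAfter
}

function Test-TrustPolicyFile {
    param([string]$Path)
    if (-not (Test-Path $Path)) {
        Write-Warning "Trust policy file not reachable: $Path"
        return $false
    }
    # Get-Acl reports file-system (NTFS) permissions only; review the share
    # permissions separately.
    # Assumption: these groups are too broad for a "protected" shared folder.
    $broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'
    foreach ($ace in (Get-Acl $Path).Access) {
        $name = $ace.IdentityReference.Value
        $flag = ''
        if ($broad -contains $name) { $flag = '  <-- review: broad group' }
        Write-Host ("{0,-40} {1} {2}{3}" -f $name, $ace.AccessControlType,
            $ace.FileSystemRights, $flag)
    }
    return $true
}

# Prerequisite 1: CA-issued token-signing certificate with its private key.
$candidates = @(Get-TokenSigningCandidate)
if ($candidates.Count -eq 0) {
    Write-Warning 'No valid certificate with a private key in LocalMachine\My.'
} else {
    $candidates | Format-List
}

# Prerequisite 2: only when joining an existing federation server farm.
# Hypothetical UNC path; replace it with the location of your trust policy file.
$policyPath = '\\fileserver\adfs$\TrustPolicy.xml'
[void](Test-TrustPolicyFile -Path $policyPath)
```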

To install the Federation Service component of ADFS

  1. Click Start, point to Control Panel, and then click Add or Remove Programs.

  2. In Add or Remove Programs, click Add/Remove Windows Components.

  3. In the Windows Components Wizard, click Active Directory Services, and then click Details.

  4. In the Active Directory Services dialog box, click Active Directory Federation Services (ADFS), and then click Details.

  5. In the Active Directory Federation Services (ADFS) dialog box, select the Federation Service check box, and then click OK. If ASP.NET 2.0 was not previously enabled, click Yes to enable it, and then click OK.

  6. In the Active Directory Services dialog box, click OK.

  7. In the Windows Components Wizard, click Next.

  8. On the Federation Service page, under Token-signing certificate, do one of the following:

    • If you want Setup to create a new, self-signed, token-signing certificate for this federation server and add it to the personal store of the local computer, click Create a self-signed token-signing certificate, and then go to step 9.

    • If you want to use an existing token-signing certificate that has already been added to the certificate store on the local computer, click Select token-signing certificate, click Select, highlight the appropriate certificate in the list, click OK, and then go to step 9.

      Note

      This is the same certificate name that you entered when you created the token-signing certificate request.

  9. On the Federation Service page, under Trust policy, do one of the following:

    • If you are installing the Federation Service component of ADFS on a single federation server or on the first federation server in a server farm, click Create a new trust policy, and then click Next.

      Note

      Every federation server in a server farm will need to use this trust policy file. Therefore, we recommend that you store this file in a protected network shared folder. For more information, see When to create a federation server farm.

    • If you are installing the Federation Service component of ADFS on a computer that will become an additional federation server for an existing federation server farm, click Use an existing trust policy, and then click Browse. In the Browse dialog box, locate the shared TrustPolicy.xml file on the network, highlight it, click Open, and then click Next.

  10. If you are prompted for the location of the installation files, navigate to R2 Installation Folder\cmpnents\r2, and then click OK.

  11. On the Completing the Windows Components Wizard page, click Finish.