Configuring SharePoint AAM applications with AD FS

  • Article

Updated: February 1, 2011

Applies To: Unified Access Gateway

This topic describes how to configure your SharePoint alternate access mapping (AAM) application and Active Directory Federation Services (AD FS) server to allow users to access your SharePoint AAM application using AD FS.

To configure SharePoint AAM applications with AD FS

  1. Configure your SharePoint server to use Web SSO authentication using AD FS as described in Configure Web SSO authentication by using ADFS (Office SharePoint Server) https://go.microsoft.com/fwlink/?LinkID=180365.

    Note

    In the procedure “Allowing users access to your extranet Web site”, in step 4.e, add the organization claim name exactly as it is configured on the AD FS server.

    In step 7, use the XML from Single sign on XML.

  2. Create the SharePoint application in AD FS as a claims-aware application (use the external hostname of the SharePoint application as the application URL). For more information, see Add a New Claims-Aware Application to the Federation Service https://go.microsoft.com/fwlink/?LinkId=180366.

  3. Configure the Cookie Domain field as described in To configure IIS and the AD FS Web Agent.

Single sign on XML

Valid XML for allowing users access to your extranet Web site is shown below:

<membership defaultProvider="SingleSignOnMembershipProvider2">
<providers>
<add name="SingleSignOnMembershipProvider2" type="System.Web.Security.SingleSignOn.SingleSignOnMembershipProvider2, System.Web.Security.SingleSignOn.PartialTrust, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="SingleSignOnRoleProvider2">
<providers>
<add name="SingleSignOnRoleProvider2" type="System.Web.Security.SingleSignOn.SingleSignOnRoleProvider2, System.Web.Security.SingleSignOn.PartialTrust, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</providers>
</roleManager>
<websso>
<authenticationrequired />
<auditlevel>55</auditlevel>
<urls>
<returnurl>https://your_application</returnurl>
</urls>
<fs>https://fs-server/adfs/fs/federationserverservice.asmx</fs>
<isSharePoint />
</websso>

Note

Make sure that you enter your own values for <returnurl>https://your_application</returnurl> and <fs>https://fs-server/adfs/fs/federationserverservice.asmx</fs>.