Checklist: Configuring AD FS to Send Claims to an AD FS 1.x Claims-Aware Web Agent
Updated: February 24, 2012
Applies To: Windows Server 2012
This checklist includes the tasks that are necessary for configuring your Active Directory Federation Services (AD FS) Federation Service in Windows Server 2012 to send claims that can be understood by an application that is hosted by a Web server running the AD FS 1.x claims-aware Web agent.
Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.
Plan for interoperability between AD FS in Windows Server 2012 and previous versions of AD FS and learn more about the Name ID claim type.
If you have not already done so, use the link on the right to first create a relying party trust between the AD FS Federation Service in Windows Server 2012 and the AD FS 1.x Federation Service.
Before you can achieve interoperation with an application that is hosted by the AD FS 1.x claims-aware Web agent, you must first create a relying party trust in the AD FS Federation Service in Windows Server 2012 to the AD FS 1.x claims-aware Web agent.
When you set up the trust using the procedure in the link to the right, you must do the following in the Add Relying Party Trust Wizard to set up this trust to interoperate with an AD FS 1.x claims-aware Web agent:
Contact the administrator of the Web server running the AD FS 1.x claims-aware Web agent and have that administrator edit the web.config file that is associated with the claims-aware application (under the Default Web Site in Internet Information Services (IIS)) to point the Web agent at the AD FS Federation Service.
For example, replace myresourcefederationserver in the tag <fs>https://myresourcefederationserver/adfs/fs/federationserverservice.asmx</fs> of the web.config file with a valid AD FS federation server name.
This is necessary for the application and AD FS 1.x claims-aware Web agent to be able to consume the claims that are sent to it from the AD FS Federation Service in Windows Server 2012.
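One way to make the <fs> edit described above in a controlled manner, as an added example that is not part of the original checklist or any Microsoft tooling: the PowerShell function below replaces only the host name inside the existing <fs> URL, refuses a value that is not HTTPS, and keeps a backup copy. The function name, parameter names, the ".bak" suffix and the sample path and server name in the usage comment are assumptions.

```powershell
# Added example. Function name, parameter names and the ".bak" suffix are assumptions.
function Set-AdfsAgentFederationServer {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$WebConfigPath,
        [Parameter(Mandatory = $true)][string]$FederationServerName
    )

    # Accept only a bare DNS host name, so a pasted URL, path or IP literal
    # never ends up inside the <fs> value.
    if ([System.Uri]::CheckHostName($FederationServerName) -ne [System.UriHostNameType]::Dns) {
        throw "'$FederationServerName' is not a DNS host name."
    }

    $path = (Resolve-Path -LiteralPath $WebConfigPath).ProviderPath
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true   # keep the existing formatting of web.config
    $xml.Load($path)

    # Match <fs> by local name so a default xmlns on <configuration> does not hide it.
    $nodes = @($xml.SelectNodes("//*[local-name()='fs']"))
    if ($nodes.Count -ne 1) {
        throw "Expected exactly one <fs> element in $path, found $($nodes.Count)."
    }

    # Parse the current value; the agent should only ever talk to the service over HTTPS.
    $current = $null
    $text = $nodes[0].InnerText.Trim()
    if (-not [System.Uri]::TryCreate($text, [System.UriKind]::Absolute, [ref]$current)) {
        throw "The existing <fs> value is not an absolute URL: '$text'"
    }
    if ($current.Scheme -ne 'https') {
        throw "The existing <fs> value does not use https: '$text'"
    }

    # Swap the host only; scheme and service path stay exactly as they were.
    $builder = New-Object System.UriBuilder -ArgumentList $current
    $builder.Host = $FederationServerName
    $newUrl = $builder.Uri.AbsoluteUri

    if ($PSCmdlet.ShouldProcess($path, "Set <fs> to $newUrl")) {
        Copy-Item -LiteralPath $path -Destination "$path.bak" -Force
        $nodes[0].InnerText = $newUrl
        $xml.Save($path)
    }
    return $newUrl
}
# Usage (hypothetical path and server name); -WhatIf previews without writing:
# Set-AdfsAgentFederationServer -WebConfigPath .\web.config -FederationServerName adfs.example.com -WhatIf
```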
On the relying party trust that you created earlier, you have to create claim rules that will take incoming claims that were extracted from an attribute store and pass through, filter, or transform them into a Name ID claim type that can be understood and consumed by the AD FS 1.x claims-aware Web agent.