Configure the Windows Token-Based Agent
Applies To: Windows Server 2008
The following procedure must be completed on the Web server so that clients in the account partner organization can access Windows NT token–based applications, such as SharePoint sites, that are hosted on the Web server in the resource partner organization.
Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
To configure the Windows token–based agent
Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
In the console tree, click YourComputerName**(local computer).**
In the center pane, double-click Federation Services URL, type the URL of the federation server in the resource partner organization name, and then click Apply.
For example, if the federation server in the resource partner organization is named fedsrv1 and it is located in the treyresearch.net forest, type https://fedsrv1.treyresearch.net/adfs/fs/FederationServerService.asmx.
Note
The Federation Services URL in Active Directory Federation Services (AD FS) defines the URL that is used for all Web sites and Windows NT token–based applications on a Web server where the AD FS Web Agent is enabled.
In the console tree, double-click Sites, and then click YourWebSiteName.
In the center pane, double-click Authentication, highlight AD FS Windows Token-Based Agent, and then in the Actions pane click Edit.
In the ADFS Windows Token-Based Agent dialog box, select the Enable AD FS Web Agent check box.
Note
This action will enable anonymous access to this Web site.
Modify the following values as necessary, and then click OK.
Cookie path
Cookie domain
Return URL
For detailed information about each of these settings, see Review the Role of AD FS Web Agents.