Add a Relying Party Trust

Applies To: Active Directory Federation Services (AD FS) 2.0

You can use the Add Relying Party Trust Wizard in Active Directory Federation Services (AD FS) 2.0 to add a new relying party trust and configure a new relying party.

To add a new relying party trust

  1. Click Start, point to Administrative Tools, and then click AD FS 2.0.

  2. Under AD FS 2.0\Trust Relationships, right-click the Relying Party Trusts folder, and then click Add Relying Party Trust to open the Add Relying Party Trust Wizard.

  3. On the Welcome page, click Start.

  4. On the Select Data Source page, click Enter data about the relying party manually, and then click Next.


The Select Data Source page provides three options for entering the data about the relying party. If the relying party publishes its federation metadata or can provide a file copy of it for you to use, the automatic retrieval method is recommended. It can save time, and it allows you to skip most of the remaining steps in this procedure. The third option is to enter all the configuration data for the new relying party trust manually, as described in steps 5 through 9.

  1. On the Specify Display Name page, type a name in Display name. Click Next after you enter the description details.

    You have the option, but you are not required, to enter details in the Notes text box.

  2. On the Choose Profile page, select the appropriate profile for your needs, and then click Next.

    If you know you will require interoperability with federation servers running an earlier version of AD FS, such as provided in Windows Server 2003 R2, click AD FS 1.0 and 1.1 profile. Otherwise, click AD FS 2.0 profile.

  3. On the Configure Certificate page, click Browse to browse to and locate a certificate file and add it to the list of certificates, and then click Next.

  4. On the Configure URL page, select the appropriate check boxes and specify any corresponding URLs as appropriate for the WS-Federation Passive protocol-based or Security Assertion Markup Language (SAML) 2.0 WebSSO protocol-based endpoint, and then click Next.

  5. On the Configure Identifiers page, you must specify at least one identifier for this relying party trust. Type the URI you want to use here, click Add to add it to the list, and then click Next.

  6. On the Choose Issuance Authorization Rules page, select whether you want to permit all users or restrict them, based on configuring authorization rules, and then click Next.

  7. On the Ready to Add Trust page, review your settings. When you are ready to save your settings, click Next.

  8. On the Finish page, click Close.