다음을 통해 공유


Checklist: Configuring AD FS to Send Claims to an AD FS 1.x Federation Service

Checklist: Configuring AD FS to send claims to an AD FS 1.x Federation Service

This checklist includes the tasks that are necessary for configuring your Active Directory Federation Services (AD FS) Federation Service in Windows Server 2012 to send claims that can be understood by an AD FS 1.x Federation Service.

Note

Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.

Check mark icon, Configure AD FS to send claims to an AD FS 1.x Federation Service.Checklist: Configuring AD FS to send claims to an AD FS 1.x Federation Service

Task Reference
Plan for interoperability between AD FS in Windows Server 2012 and previous versions of AD FS and learn more about the Name ID claim type. Icon, Plan for interoperability between AD FS in  Windows Server 2012  and previous versions of AD FS.Planning for Interoperability with AD FS 1.x
Before you can achieve interoperability with a previous version of AD FS, you must first create a relying party trust in the AD FS Federation Service to the AD FS 1.x Federation Service. Note: You cannot create a trust with an AD FS 1.x Federation Service by using federation metadata.

When you set up the trust using the procedure in the link to the right, you must do the following in the Add Relying Party Trust Wizard to set up this trust to interoperate with an AD FS 1.x Federation Service:

1. On the Select Data Source page, select Enter data about the relying party trust manually.
2. On the Choose Profile page, select AD FS 1.0 and 1.1 profile.
3. On the Configure URL page, under WS-Federation Passive URL, type the Federation Service endpoint URL as defined in the AD FS 1.x Federation Service of the partner.
4. On the Configure Identifiers page, under Relying part trust identifier, type the Federation Service URI as defined in the AD FS 1.x Federation Service of the partner.

Icon, Create a relying party trust manually.Create a Relying Party Trust Manually
On the relying party trust that you created earlier, you must create claim rules that will take incoming claims that were extracted from an attribute store and pass through, filter, or transform them into a Name ID claim type that can be understood and consumed by the AD FS 1.x Federation Service. Note: Before you create this rule, make sure that the claim rule set where you are creating this rule has a rule that comes before it that first extracts a Lightweight Directory Access Protocol (LDAP) attribute claim from an attribute store. This claim will be used as input to the rule that you create to send an AD FS 1.x-compatible claim. For more information about how to create a rule to extract an LDAP attribute, see Create a Rule to Send LDAP Attributes as Claims. configure AD FS to send claimsCreate a Rule to Send an AD FS 1.x Compatible Claim
Contact the administrator of the AD FS 1.x Federation Service and have the administrator of the AD FS 1.x Federation Service set up a new account partner trust. Also, provide that administrator with the Federation Service URI (in the Federation Service properties), the WS-Federation Passive endpoint URL (the Federation Service endpoint URL), and an exported token-signing certificate file (with public key only). That administrator will need these items to set up the trust. N/A