Checklist: Configuring AD FS 2.0 to Send Claims to an AD FS 1.x Claims-Aware Web Agent
Applies To: Active Directory Federation Services (AD FS) 2.0
This checklist includes the tasks that are necessary for configuring your Active Directory Federation Services (AD FS) 2.0 Federation Service to send claims that can be understood by an application that is hosted by a Web server running the AD FS 1.x claims-aware Web agent.
Note
Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.
| Task | Reference |
|---|---|
| Plan for interoperability between AD FS 2.0 and previous versions of AD FS and learn more about the Name ID claim type. | |
| If you have not already done so, use the link on the right to first create a relying party trust between the AD FS 2.0 Federation Service and the AD FS 1.x Federation Service. | Checklist: Configuring AD FS 2.0 to Send Claims to an AD FS 1.x Federation Service |
| Before you can achieve interoperation with an application that is hosted by the AD FS 1.x claims-aware Web agent, you must first create a relying party trust in the AD FS 2.0 Federation Service to the AD FS 1.x claims-aware Web agent. When you set up the trust using the procedure in the link to the right, you must do the following in the Add Relying Party Trust Wizard to set up this trust to interoperate with an AD FS 1.x claims-aware Web agent: | |
| Contact the administrator of the Web server running the AD FS 1.x claims-aware Web agent and have that administrator edit the web.config file that is associated with the claims-aware application (under the Default Web Site in Internet Information Services (IIS)) to point the Web agent at the AD FS 2.0 Federation Service. For example, replace myresourcefederationserver in the tag This is necessary for the application and AD FS 1.x claims-aware Web agent to be able to consume the claims that are sent to it from the AD FS 2.0 Federation Service. | N/A |
| On the relying party trust that you created earlier, you have to create claim rules that will take incoming claims that were extracted from an attribute store and pass through, filter, or transform them into a Name ID claim type that can be understood and consumed by the AD FS 1.x claims-aware Web agent. Note: Before you create this rule, make sure that the claim rule set where you are creating this rule has a rule that comes before it that first extracts a Lightweight Directory Access Protocol (LDAP) attribute claim from an attribute store. This claim will be used as input to the rule that you create to send an AD FS 1.x-compatible claim. For more information about how to create a rule to extract an LDAP attribute, see Create a Rule to Send LDAP Attributes as Claims. | |