Поделиться через


Create a Claims Provider Trust Manually

Applies To: Active Directory Federation Services (AD FS) 2.0

To add a new claims provider trust using the AD FS 2.0 Management snap-in and manually configure the settings, perform the following procedure on a resource partner federation server in the resource partner organization.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To create a claims provider trust manually

  1. Click Start, point to Programs, point to Administrative Tools, and then click AD FS 2.0 Management.

  2. Under the AD FS 2.0\Trust Relationships, right-click Claims Provider Trusts, and then click Add Claims Provider Trust to open the Add Claims Provider Trust Wizard.

  3. On the Welcome page, click Start.

  4. On the Select Data Source page, click Enter claims provider trust data manually, and then click Next.

  5. On the Specify Display Name page type a Display name, under Notes type a description for this claims provider trust, and then click Next.

  6. On the Choose Profile page, do one of the following:

    • Click AD FS 2.0 Profile, click Next, and then go to step 7.

    • Click AD FS 1.0 and 1.1 profile, click Next, and then move to step 8.

    If you know that you will require interoperability between this claims provider trust and other, older Active Directory Federation Services (AD FS) claims provider trusts, click AD FS 1.0 and 1.1 profile. Otherwise, use the default AD FS 2.0 profile option.

  7. On the Configure URL page, do one or both of the following, click Next, and then go to step 9:

    • Select the Enable support for the WS-Federation Passive protocol check box. Under Claims provider WS-Federation Passive protocol URL, type the URL for this claims provider trust, and then click Next.

    • Select the Enable support for the SAML 2.0 WebSSO protocol check box. Under Claims provider SAML 2.0 SSO service URL, type the Security Assertion Markup Language (SAML) service endpoint URL for this claims provider trust, and then click Next.

    Click the Help button on this page for more information about which of these options apply to the needs of your organization.

  8. On the Configure URL page, under WS-Federation Passive URL, type the URL for this claims provider trust, and then click Next.

  9. On the Configure Identifier page, under Claims provider trust identifier, type the appropriate identifier, and then click Next.

  10. On the Configure Certificates page, click Add to locate a certificate file and add it to the list of certificates, and then click Next.

  11. On the Ready to Add Trust page, click Next to save your claims provider trust information.

  12. On the Finish page, click Close. This action automatically displays the Edit Claim Rules dialog box. For more information about how to proceed with adding claim rules for this claims provider trust, see the Additional references.

Additional references

Checklist: Configuring the Resource Partner Organization

Checklist: Creating Claim Rules for a Claims Provider Trust