AD FS 2.0 Content Map

Subscribe to RSS Feed	Share on Facebook	Send link to a friend	Send to AD FS Product Team
This Active Directory Federation Services (AD FS) 2.0 wiki page is intended to act as a content map for all members of the AD FS 2.0 community. Members of the AD FS product team will monitor this article on a regular basis and will post new links as they become available on Microsoft.com. We would like to enlist your help in adding useful links to this article in order to make hot AD FS 2.0 topics and solutions more discoverable to the overall community. (Note that several of the links provided on this page are to community-created content that are external to TechNet Wiki.) The following TOC list can be used to help you quickly jump to the relevant content category that is most applicable to your AD FS 2.0 documentation needs. Learn about AD FS 2.0 Research AD FS 2.0 Solutions Integration with Microsoft cloud products Integration with Microsoft on-premises products Interoperability with non-Microsoft products Case studies Design and Deploy AD FS 2.0 Manage AD FS 2.0 Troubleshoot AD FS 2.0 QFEs Related to AD FS 2.0 Additional AD FS 2.0 References Community Resources

Learn about AD FS 2.0

If you are new to AD FS 2.0, we recommend that you review the following announcements, introductory reference links and claims-related details provided in this section to learn more about this technology.

• Active Directory Federation Services v2 Ships! [Video]
• Availability and description of Active Directory Federation Services 2.0

Introduction to AD FS 2.0

• Introducing AD FS 2.0
• AD FS 2.0 Terminology
• AD FS 2.0 Glossary

Overview of AD FS 2.0

• AD FS 2.0 Overview
• AD FS 2.0 SDK Overview
• AD FS 2.0 Technical Overview [Video]
• AD FS 2.0 Product Help

About Claims and Claim Rules

• The Role of Claims
• The Role of Claim Rules
• The Role of the Claim Rule Language
• The Role of the Claims Engine
• The Role of the Claims Pipeline

About Claims-Based Identity & Applications

• Claims-Based Identity Overview
• Introduction to Claims-Based Identity and Windows Identity Foundation (WIF) [Video]
• A Guide to Claims-Based Identity and Access Control
• Claims-Based Identity and Access Control Guide
• Centralizing Application Authorization with AD FS 2.0 [Video]
• Understanding Claims-Based Applications: An Overview of AD FS 2.0 and WIF [Video]

Research AD FS 2.0 Solutions

The following links can help you understand how AD FS 2.0 can work together with other technologies and products (both Microsoft and non-Microsoft) to provide single sign-on capabilities that span multiple boundaries and identity platforms. Note that several links in this section will jump you to community-created content that resides on web sites external to the TechNet Wiki.
Integration with Microsoft cloud products

• ADFS 2.0 Opens Doors to the Cloud
• SSO Across Organizations and the Cloud - AD FS 2.0 Architecture Drilldown [Video]
• Cloud Readiness with Identity Management [Video]
• The Cloud's Silver Lining: Identity Management [Video]

Office 365

• Flexible Deployment and Integration with Microsoft Office 365 [Video]
• Office 365 Single Sign-On Roadmap
• Prepare Office 365 for Identity Federation
• Office 365 & ADFS Federation Design Considerations
• Plan for and deploy AD FS 2.0 for use with single sign-on
• Office 365 Identity Federation Service implications of AD FS 2.0 implementation scenarios
• Installing AD FS 2.0 Hotfixes in Preparation for Office 365
• AD FS 2.0 with Office 365: Part 1 – Planning
• AD FS 2.0 with Office 365: Part 2 – Configuring

Windows Azure Applications Platform

• WIF and Windows Azure Applications [Video]
• Single Sign-On from Active Directory to a Windows Azure Application Whitepaper
• Security Talk: Windows Azure Applications and Federated Identity Security Using ADFS 2.0 [Video]

Windows Azure Appfabric Access Control Services (ACS)

• ACS and ADFS [Video]
• Access Control Service and AD FS 2.0 Integration [Video]
• How to configure AD FS 2.0 with ACS v2
• How to use AD FS 2.0 to secure WCF and Workflow Services hosted in Windows Server AppFabric
• Windows Azure AppFabric ACS Content Map

Integration with Microsoft on-premises products

• Secure Collaboration with Partners using AD FS [Video]
• Using Active Directory Federation Services 2.0 in Identity Solutions

Active Directory Domain Services (AD DS)

• What's New in AD DS: Authentication Mechanism Assurance
• Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide

Active Directory Rights Management Services (AD RMS)

• Using AD FS with AD RMS
• AD RMS and AD FS Considerations
• AD RMS with AD FS Identity Federation Step-by-Step Guide

Exchange Server 2010

• AD FS 2.0 Step-by-Step Guide: Exposing OWA 2010 with AD FS 2.0 to Other Organizations
• Configure Outlook Web App to Work with Active Directory Federation Services
• Access OWA with AD FS

Forefront Identity Manager (FIM)

• Microsoft ADFS 2.0 and Forefront Identity Manager 2010
• ADFS 2.0 Attribute Store for Forefront Identity Manager

Forefront UAG

• Forefront UAG and ADFS - Better Together
• Why deploy Forefront UAG with AD FS 2.0?
• Forefront UAG and AD FS 2.0 supported scenarios and prerequisites
• Deploying Forefront UAG with AD FS 2.0
• Secure Application Access by using AD FS and UAG [Videos]

Microsoft Dynamics CRM 2011

• Introducing Microsoft Dynamics CRM 2011 Claims-based Authentication [Video]
• Microsoft Dynamics CRM 2011 and Claims-based Authentication [Download | Read Online]
• Microsoft Dynamics CRM Survival Guide

SharePoint Server 2007 & Windows SharePoint Services 3.0

• Quick Start: Enabling Federation in a SharePoint Application with AD FS 2.0 as the STS
• Overview of Microsoft Federation Extensions for SharePoint 3.0
• AD FS 2.0 Step-by-Step Guide: How to Set Up the AD FS 2.0 VM Lab Environment for Federated Collaboration [Download | Read Online]
• AD FS 2.0 Step-by-Step Guide: Federated Document Collaboration Using Microsoft Office SharePoint Server 2007 [Download | Read Online]

SharePoint Foundation 2010

• Configure claims authentication (SharePoint Foundation 2010)
• Configure the security token service (SharePoint Foundation 2010)
• Custom claims providers for People Picker (SharePoint Foundation 2010)

SharePoint Server 2010

• Collaboration Using Office, SharePoint Server 2010, and AD FS 2.0 [Video]
• SharePoint 2010 and Claims-Based Identity Overview
• Planning Considerations for Claims Based Authentication in SharePoint 2010
• Configuring SharePoint 2010 and ADFS v2 End to End
• Configuring SharePoint 2010 AAM applications with AD FS 2.0
• Upgrading Federated Applications to SharePoint 2010
• AD FS 2.0 Step-by-Step Guide: Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies [Download]

Windows Identity Foundation (WIF)

• WIF Content Map
• AD FS 2.0 Step-by-Step Guide: Federation with a WIF Application [Download | Read Online]
• AD FS 2.0 Step-by-Step Guide: Identity Delegation with AD FS 2.0 [Download | Read Online]

Interoperability with non-Microsoft products

• Federated Single Sign-on to Applications Using Interoperable Standards [Video]
• Identity “Mash-up” Federation Demo using Multiple Protocols [Video]
• Federation Identity Interoperability demo with Geneva Server & Sun Open SSO [Video]
• Geneva Interop Whitepapers

Interop Setup Guidance

• Setting up ADFS 2.0 as an IDP for Visma Proceedo
• How to setup a federation with Automatic Data Processing, Inc (ADP) using ADFS 2.0
• A Quick Walkthrough: Setting up AD FS SAML Federation with a Shibboleth SP
• Using AD FS 2.0 for interoperable SAML 2.0-based federated Web Single Sign-On
• SalesForce SSO with ADFS 2.0 – Everything you need to Know

Interop Test Lab Step-by-Step Guides

• AD FS 2.0 Step-by-Step Guide: Federation with IBM Tivoli Federated Identity Manager [Download | Read Online]
• AD FS 2.0 Step-by-Step Guide: Federation with Ping Identity PingFederate [Download | Read Online]
• AD FS 2.0 Step-by-Step Guide: Federation with Oracle Identity Federation [Download | Read Online]
• AD FS 2.0 Step-by-Step Guide: Federation with CA Federation Manager [Download | Read Online]
• AD FS 2.0 Step-by-Step Guide: Federation with Shibboleth 2 and the InCommon Federation [Download | Read Online]
• AD FS 2.0 Step-by-Step Guide: Federated Collaboration with Shibboleth 2.0 and SharePoint 2010 Technologies [Download]

Case studies

• Quest Software: Systems Manager Offers Security-Enhanced, Hosted Solutions with Programming Framework
• Gestone: Startup Successfully Launches with Highly Scalable, Security-Enhanced Cloud Services
• HCL Technologies: IT Firm Delivers Carbon-Data Management in the Cloud, Lowers Barriers for Customers
• Courts of Denmark: Courts Automate Processes for Citizens, Workers with Federated Identity Solution
• Thomson Reuters: Company to Save Months of Development Time with New Programming Framework
• Province of British Columbia: Government Builds Foundation for Agility with Identity Federation Solution
• Safewhere: Company Cuts Costs $150,000, Speeds Development with Programming Framework

Microsoft IT

• How Microsoft IT Designed and Deployed Active Directory Federation Services [Video]
• How ADFS v2 Helps Microsoft IT to Manage Application Access [Video]
• Microsoft MSIT: Enhancing Federation Services for Internal and External Partners

Design and Deploy AD FS 2.0

The following links can help you get started with planning and deploying a specific AD FS 2.0 design in your production environment.
Plan and Design

• AD FS 2.0 Design Guide
• AD FS 2.0 Capacity Planning
• AD FS 2.0 Capacity Planning Spreadsheet
• ADFS 2.0 High Availability and High Resiliency Walkthrough
• Planning Federation Server Placement
• Planning Federation Server Proxy Placement
• Planning a Migration to AD FS 2.0
• Planning for Interoperability with AD FS 1.x
• AD FS 2.0 and AD FS 1.x Interoperability
• Best Practices for Secure Planning and Deployment of AD FS 2.0
• AD FS 2.0 Requirements

Deploy

• AD FS 2.0 Deployment Guide
• AD FS 2.0 - How to Capture A Log During Installation (AdfsSetup.exe)
• AD FS 2.0 - How to manually run the AD FS 2.0 Initial Configuration
• AD FS 2.0 - How to configure the SPN (servicePrincipalName) for the service account
• AD FS 2.0 - How to perform an unattended installation of an AD FS 2.0 STS or Proxy
• Configuring Active Directory Federation Services 2.0
• Course 50412A: Implementing Active Directory Federation Services 2.0

Manage AD FS 2.0

The following links can help you understand how to manage and administer an existing AD FS 2.0 deployment.

• How to restore IIS and clean up Active Directory when you uninstall Active Directory Federation Services 2.0
• AD FS 2.0 - How to Migrate Your AD FS Configuration Database to SQL Server
• Attribute Store Overview (How to create a custom attribute store)

Certificates

• AD FS 2.0 - How to enable and immediately use AutoCertificateRollover
• AD FS 2.0 - How to Replace the SSL, Service Communications,Token-Signing, and Token-Decrypting Certificates

Federation server

• AD FS 2.0 - How to set the Primary Federation Server in a WID Farm
• Verify That a Federation Server Is Operational

Federation server proxy

• AD FS 2.0 Proxy Management
• Verify That a Federation Server Proxy Is Operational

Federation Service

• AD FS 2.0 - How to change the Federation Service Name
• AD FS 2.0 - How to Back Up the Federation Service
• Update the AD FS 2.0 Service Identity Password in a Federation Server Farm
• AD FS 2.0 - How to change the net.tcp Ports for Services and Administration

Monitoring

• Configure performance monitoring for AD FS 2.0
• Announcing Active Directory Federation Services 2.0 Management Pack for Microsoft System Center Operations Manager 2007
• Introduction to the AD FS 2.0 Management Pack

PowerShell

• AD FS 2.0 Administration with Windows PowerShell
• AD FS 2.0 Cmdlets in Windows PowerShell
• AD FS 2.0 API PowerShell Overview

Security

• Configure auditing for AD FS 2.0
• AD FS 2.0 - How to change the local authentication type

Sign-in / Sign-out

• AD FS 2.0: How to use Fiddler Web Debugger to analyze a WS-Federation passive sign-in
• Sign-In Pages Customization Overview
• How to invoke a WS-Federation sign-out
• AD FS 2.0: How to Consume RelayState to Automate Access to Relying Parties During IDP-Initiated Sign-On

Trusts

• AD FS 2.0: How to Utilize a Single Relying Party Trust for Multiple Web Applications that Share the Same Identifier
• AD FS 2.0: How to Restore the Default Acceptance Transform Rules for the Active Directory Claims Provider Trust

Troubleshoot AD FS 2.0

This following links can be used to help you locate the cause and resolution to common problems that may occur in your existing AD FS 2.0 infrastructure.

• AD FS 2.0 Troubleshooting Guide
• Things to check before troubleshooting AD FS 2.0
• Diagnostics in AD FS 2.0
• Fiddler Inspector for Federation Messages

Authentication / Authorization

• Troubleshooting token acceptance problems with AD FS 2.0
• AD FS 2.0: ID4149: The Saml2SecurityToken is rejected because the SAML2:Assertion specifies a OneTimeUse condition
• AD FS 2.0: Error Event 323, "MSIS5009: The impersonation authorization failed" and Event 364, "MSIS3126: Access denied"
• AD FS 2.0: Sign-In Fails and Event 364 is Logged Showing Microsoft.IdentityServer.Protocols.Saml.NoAuthenticationContextException: MSIS7012

Browser client errors

• Troubleshooting User-Reported Symptoms for AD FS 2.0
• AD FS 2.0 - "An unexpected error has occurred" error or blank page displayed attempting to log on to SharePoint, Event ID 23 logged
• AD FS 2.0 - Prompted for credentials when you are expecting to be allowed anonymous access
• AD FS 2.0 - Continuously prompted for credentials when using FireFox 3.6.3
• AD FS 2.0 - Continuously prompted for credentials while using Fiddler Web Debugger
• AD FS 2.0 - "Script is disabled. Click Submit to continue."
• AD FS 2.0 - "An unexpected error has occurred" Error or Blank Page Displayed Attempting to Log on to SharePoint, Event ID 23 Logged

Certificates

• Troubleshooting certificate problems with AD FS 2.0
• Troubleshooting certificate management problems with AD FS 2.0
• AD FS 2.0 - "ID4037: The key needed to verify the signature could not be resolved from the following security key identifier"

Federation server proxy

• Troubleshooting federation server proxy problems with AD FS 2.0
• AD FS 2.0: Federation Server Proxy Servers Fail to Authenticate Users, Events 248 and 996 Logged

Federation Service

• Troubleshooting federation server farm problems with AD FS 2.0
• AD FS 2.0 - The service fails to start. "The service did not respond to the start or control request in a timely fashion. "
• AD FS 2.0 - Query notification delivery failed because of the following error in service broker: 'The conversation handle "{GUID} is not found.'
• AD FS 2.0 - Browsing to Federation Metadata fails "Unable to download federationmetadata.xml"
• AD FS 2.0 - The Admin event log shows Error 111 with System.ArgumentException: ID4216
• AD FS 2.0 - The AD FS 2.0 Windows Service fails to start - Event 102 and 220 logged
• AD FS 2.0: The Service Fails to Start and Error Events 352, 102, and 220 Describing an OperationalFault Are Logged

Forefront UAG

• Troubleshooting Forefront UAG Federation Metadata Retrieval Errors
• Troubleshoot Forefront UAG with AD FS 2.0 Activation Errors
• Troubleshooting Forefront UAG with AD FS 2.0 Event Viewer Messages

Installation / Setup

• AD FS 2.0 setup fails to install PowerShell feature on Windows Server 2008
• AD FS 2.0: Initial configuration fails during "Creating default claim set" and Event ID 37 is logged in AD FS 2.0 Tracing/Debug

Logging / Tracing

• How to Set up AD FS 2.0 event logging
• How to Enable Debug Logging for Active Directory Federation Services 2.0 (AD FS 2.0)
• How to Configure Debug Tracing for AD FS 2.0
• AD FS 2.0: Event ID 47 is Logged in AD FS 2.0 Tracing/Debug with MSIS1022 and ID6008
• CRM 2011: How to Enable Verbose Windows Identity Foundation (WIF) Tracing for Claims-Based Authentication

Office 365

• Event 329 is generated when you try to start AD FS 2.0 in an Office 365 environment
• How to reestablish trust with the Microsoft Online Services ID service after the AD FS 2.0 server stops responding

Trusts

• Troubleshooting trust management problems with AD FS 2.0
• AD FS 2.0: The Admin Event Log Contains Error Event 320. "MSIS1010: Signed SAML message must have Destination URI specified."

QFEs Related to AD FS 2.0

You can use the following links to find the latest AD FS 2.0 hotfixes or QFEs.

• Installing AD FS 2.0 Hotfixes in Preparation for Office 365
• AD FS 2.0 QFE - The "500" error code is returned when you send an HTTP SOAP request to the "/adfs/services/trust/mex" endpoint on a computer that is running Windows Server 2008 R2 or Windows Server 2008
• AD FS 2.0 QFE - An identity-provider-initiated sign-on process is slow in Windows Server 2008 R2 and in Windows Server 2008
• WIF QFE - AD FS 2.0 does not parse non-string XML attribute values in SAML 2.0 assertions in Windows Server 2008 or in Windows Server 2008 R2

Additional AD FS 2.0 References

Here you will find additional reference links to related developer content, software downloads and related technologies.

Developer References

• AD FS 2.0 SDK
• AD FS 2.0 SDK Class Library (AD FS 2.0 Object Model)
• WIF SDK [Download | Read Online]
• WIF SDK Class Library (WIF Object Model)

Software Downloads

• AD FS 2.0 Software
• AD FS 2.0 Management Pack for Microsoft System Center Operations Manager 2007
• Forefront UAG 2010 SP1 (adds support for AD FS 2.0)
• Microsoft Federation Extensions for SharePoint 3.0 (adds support for AD FS 2.0)
• WIF Software
• WIF Extension for the SAML 2 Protocol (CTP Release)

Related Microsoft Products

• Active Directory Domain Services
• Active Directory Lightweight Directory Services
• Active Directory Rights Management Services
• Active Directory Certificate Services
• Windows PKI
• Windows Identity Foundation (WIF)
• Windows Azure AppFabric ACS

Related Open Standards

• OASIS Standards-SAML and more
• Kantara Initiative (formerly known as the Liberty Alliance)
• Shibboleth - open source for web based SSO
• Web Service Interoperability and Specifications (WS-*)
• Web Service Interoperability (WS-I) Organization

Community Resources

The following resources can be useful for obtaining AD FS community support and for keeping up with the latest AD FS content updates and news.
Forums

• Claims-Based Access Forum
• Directory Services Forum

Blogs

• Claims-Based Identity Blog
• AD FS Documentation Blog
• Identity and Access Management
• Security and Identity in the Cloud
• Kim Cameron Identity Blog
• Mike Jones - self-issued
• Vittorio Bertocci

Feeds

• Twitter Feed for "ADFS"
• TechNet Wiki Feed for "AD FS 2.0"
• Bing News Feed for "AD FS 2.0"

Posted in: CRM 2011 und IFD - ADFS 2.0