Creating a relying party trust using Federation Metadata

Applies To: Unified Access Gateway

When deploying Forefront Unified Access Gateway (UAG) with Active Directory Federation Services (AD FS) 2.0, you must configure the Forefront UAG server as a new relying party trust. To create the relying party trust, you must use the AD FS 2.0 Management snap-in, and import the Forefront UAG configuration data from federation metadata that Forefront UAG publishes to a local network or to the Internet.

Before creating the relying party trust, you must either copy the federation metadata file from the Forefront UAG server (or array manager server) to the AD FS 2.0 server, or make sure that the AD FS 2.0 server can access the file over the Internet. The file was created during Forefront UAG activation and is located in the following folder: ...\Microsoft Forefront Unified Access Gateway\von\InternalSite\ADFSv2Sites\<trunk_name>\FederationMetadata\2007-06. It is also available at the following URL: https://<Portal_FQDN>/InternalSite/ADFSv2Sites/<trunk_name>/FederationMetadata/2007-06/FederationMetadata.xml.
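Before importing, it is worth confirming what the metadata file will tell AD FS 2.0. The following Python code is an added example, not part of the original article or of Forefront UAG. It lists the entity ID, endpoint addresses and SHA-1 certificate thumbprints, and flags endpoints that are not HTTPS or not on the expected portal host. The sample metadata, the host portal.example.com, the trunk name uagtrunk and the function review_metadata are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed, simplified sample metadata; not real Forefront UAG output.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    entityID="https://portal.example.com/uagtrunk/">
  <RoleDescriptor xsi:type="fed:ApplicationServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3RydWN0ZWQtY2VydC1ieXRlcw==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <fed:PassiveRequestorEndpoint><wsa:EndpointReference>
      <wsa:Address>https://portal.example.com/InternalSite/ADFSv2Sites/uagtrunk/</wsa:Address>
    </wsa:EndpointReference></fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>"""


def review_metadata(xml_text, expected_host):
    """Summarize a federation metadata document and flag suspicious endpoints."""
    root = ET.fromstring(xml_text)
    endpoints, thumbprints, findings = [], [], []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix
        if tag == "Address" and el.text:
            endpoints.append(el.text.strip())
        elif "Location" in el.attrib:  # SAML-style endpoint elements
            endpoints.append(el.attrib["Location"])
        elif tag == "X509Certificate" and el.text:
            der = base64.b64decode("".join(el.text.split()))
            # SHA-1 over the DER bytes is the thumbprint Windows displays
            thumbprints.append(hashlib.sha1(der).hexdigest().upper())
    for url in endpoints:
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append("not HTTPS: " + url)
        if (parts.hostname or "").lower() != expected_host.lower():
            findings.append("unexpected host: " + url)
    if not thumbprints:
        findings.append("no certificate found in metadata")
    return {"entity_id": root.get("entityID"), "endpoints": endpoints,
            "thumbprints": thumbprints, "findings": findings}
```

For a real file, pass the bytes of FederationMetadata.xml and your portal FQDN, then compare any thumbprint it reports with the certificate on the Forefront UAG server.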

Perform the following procedure on the federation server in your organization: Create a Relying Party Trust Using Federation Metadata.


This procedure uses the option to import the metadata from a URL.