Federation trusts

Applies To: Windows Server 2003 R2

You can use Active Directory Federation Services (ADFS) to enable efficient and secure online transactions between Partner organizations that are joined by federation trust relationships. In other words, a federation trust is the embodiment of a business-level agreement or partnership between two organizations.

As shown in the following illustration, you can establish a federation trust relationship between two partner organizations when both organizations deploy at least one ADFS federation server and configure their Federation Service settings appropriately. The one-way arrow signifies the direction of the trust, which, like the direction of Windows trusts, always points to the account side (that is, toward the account partner). This means that authentication flows from the account partner organization to the resource partner organization.

Federation trust linking partner organizations

Note

No communication occurs over the network between the account Federation Service and the resource Federation Service.

After you create the federation trust, users who are located in the account partner organization can successfully send authentication requests through the federation trust to the Web server in the resource partner organization. A federation trust is created when both the account partner organization and the resource partner organization install the Federation Service component of ADFS and both use the Active Directory Federation Services snap-in to configure the account partner and the resource partner appropriately.

If one side of a federation trust (either the account partner or the resource partner) is not configured, or if it is configured incorrectly by the administrator of either organization, the federation trust will not be created successfully. For detailed guidance about how to create federation trusts, look for ADFS step-by-step or deployment content on the Windows Server 2003 R2 page (http://go.microsoft.com/fwlink/?LinkId=45560) of the Microsoft Windows Server 2003 TechCenter Web site.
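The following added example (not part of this page or of ADFS itself) models the three points above: the trust is one-way and points at the account partner, the two Federation Services never contact each other (the client carries the token), and a token from a partner that was never configured on the resource side is rejected. It is a simplified simulation: the partner names and keys are constructed, and an HMAC stands in for the token-signing certificate that a real ADFS account partner uses.

```python
import base64, hashlib, hmac, json

# Constructed keys standing in for each partner's token-signing certificate.
ACCOUNT_KEY = b"constructed-account-partner-key"
RESOURCE_KEY = b"constructed-resource-partner-key"


class FederationService:
    """One partner's Federation Service: signs tokens for its own users and
    accepts tokens only from account partners it has been configured to trust."""

    def __init__(self, name, signing_key):
        self.name = name
        self.signing_key = signing_key
        self.account_partners = {}  # partner name -> verification key (the trust)

    def configure_account_partner(self, partner, verification_key):
        # Resource-side half of the trust: import the account partner's key.
        self.account_partners[partner] = verification_key

    def issue_token(self, user, audience):
        claims = json.dumps({"iss": self.name, "aud": audience, "user": user}).encode()
        sig = hmac.new(self.signing_key, claims, hashlib.sha256).digest()
        return base64.b64encode(claims).decode() + "." + base64.b64encode(sig).decode()

    def validate_token(self, token):
        claims_b64, sig_b64 = token.split(".")
        claims = base64.b64decode(claims_b64)
        parsed = json.loads(claims)
        key = self.account_partners.get(parsed["iss"])
        if key is None or parsed["aud"] != self.name:
            return None  # no trust configured for this issuer, or wrong audience
        expected = hmac.new(key, claims, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, base64.b64decode(sig_b64)):
            return None  # signature does not match the configured partner key
        return parsed


def run_scenario():
    account = FederationService("account.example", ACCOUNT_KEY)
    resource = FederationService("resource.example", RESOURCE_KEY)
    # The arrow points at the account partner: only the resource side imports a key.
    resource.configure_account_partner("account.example", ACCOUNT_KEY)
    # The client relays the token; the two services never call each other.
    accepted = resource.validate_token(account.issue_token("alice", "resource.example"))
    # Reverse direction: the account side has no resource-partner key configured.
    reverse = account.validate_token(resource.issue_token("bob", "account.example"))
    # A partner that was never configured on the resource side is rejected.
    other = FederationService("other.example", b"constructed-other-key")
    unknown = resource.validate_token(other.issue_token("carol", "resource.example"))
    return accepted, reverse, unknown
```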

Note

Federation trusts are not used in the Web Single-Sign-On (SSO) scenario. For more information about the Web SSO scenario, see Federation scenarios.