Configure IIS to Support a Federated Application

Applies To: Windows Server 2008

Claims-aware applications and Windows NT token–based applications must be configured to support sign-in requests from anonymous users. Complete the following procedures so that federated users can successfully access federated applications that are hosted on an Active Directory Federation Services (AD FS)–enabled Web server.

Configure IIS to enable anonymous access

You can use the following procedure to enable anonymous access in Internet Information Services (IIS) for your federated application.


When you enable the Windows token-based agent in IIS, anonymous access is enabled automatically. Therefore, if you are deploying a Windows NT token-based application on the AD FS-enabled Web server, you can choose to enable anonymous access using this procedure or you can bypass this procedure and let the Windows token-based agent do this for you after it is enabled.

To configure IIS to enable anonymous access

  1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In the console tree, double-click YourComputerName, double-click Sites, and then click YourWebSiteName.

  3. In the center pane, double-click Authentication, click Anonymous Authentication, and then in the Actions pane click Enable.