Configure Authentication Methods for a Federated Application

Applies To: Windows Server 2008

By default, a Web application that you configure in Active Directory Federation Services (AD FS) accepts any of the following authentication methods:

  • Windows Integrated authentication (also referred to as Windows NT Challenge/Response authentication): A secure form of authentication because the user name and password are hashed before they are sent across the network.

  • User name and password authentication (also called Basic authentication): A widely used, industry-standard method for transmitting user names and passwords across the network in an unencrypted form.

  • Certificate or Secure Sockets Layer / Transport Layer Security (SSL/TLS) client authentication: A form of digital identification for your server and for clients that request information from your server. Its function is similar to that of a passport, or other official identity card, that identifies the person carrying it. Certificates are part of the SSL features in Internet Information Services (IIS) that establish a secure connection for sensitive information.

If you want to use a specific authentication method or methods, you can use the following procedure to select one or more methods that will apply to users of the application. Perform this procedure on a resource federation server.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (

To configure authentication methods for a federated application

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Double-click Federation Service, double-click Trust Policy, double-click My Organization, double-click Applications, right-click the application whose authentication methods you want to change, and then click Properties.

  3. On the Authentication Methods tab, to select from the available authentication methods, do one of the following:

    • To allow all possible authentication methods in the list, select the Any check box.

    • To allow one or more of the available authentication methods, clear the Any check box, and then select one or more of the available methods.

  4. When you finish selecting authentication methods, click OK.