Deploying Federated Applications

Applies To: Windows Server 2008

To deploy a federated Windows NT token–based application or claims-aware application in the resource partner organization, complete each of the tasks in Checklist: Installing a Windows NT Token-Based Application or Checklist: Installing a Claims-Aware Application.


When you use this checklist, we strongly recommend that you first read the references to federated application planning in the AD FS Design Guide before continuing to the procedures for configuring the servers. Following the checklist in this way helps provide a better understanding of the full Active Directory Federation Services (AD FS) design and deployment story for federated applications.

The type of federated application that you choose to deploy will determine the type of AD FS Web Agent and setup tasks that you need to apply to your AD FS-enabled Web server. In other words, if your Web server will host only claims-aware applications, you install only the assemblies of the AD FS Web Agent that are used for claims-aware applications. For more information, see Identify the Type of Federated Application to Deploy.

About Windows NT token–based applications

A Windows NT token–based application is an Internet Information Services (IIS) application that has been written to use Windows native authorization mechanisms and that is not prepared to consume AD FS claims. Windows® SharePoint® Services is one example of a Windows NT token–based application. You can configure Windows SharePoint Services, through AD FS, to provide access to SharePoint sites across the Internet.

About claims-aware applications

Claims are statements about a user, such as the user's e-mail address or job function. A claims-aware application is a Microsoft ASP.NET 2.0 application that has been written using the AD FS library and that is fully capable of using claims to make authorization decisions directly. A claims-aware application accepts claims that the Federation Service sends in AD FS security tokens.