Federation Servers

Updated: May 5, 2010

Applies To: Active Directory Federation Services (AD FS) 2.0

A federation server is a computer that runs a specialized Web service that can issue, manage, and validate requests for security tokens and identity management. Security tokens consist of a collection of identity claims, such as a user's name or role. In addition, a federation server can protect the contents of security tokens in transit with an X.509 certificate, which makes it possible to validate trusted issuers.

For more information about how to plan for federation servers in your organization, see Planning Federation Server Placement (http://go.microsoft.com/fwlink/?LinkId=182470) in the AD FS 2.0 Design Guide.

Deploy a federation server

You can deploy a federation server by using the AD FS 2.0 Federation Server Configuration Wizard or the Fsconfig.exe command-line tool.

For more information about how to deploy a new federation server, see Checklist: Setting Up a Federation Server (http://go.microsoft.com/fwlink/?LinkId=182177) in the AD FS 2.0 Deployment Guide.

page

You can create a sign-in Web page to interact with a user to determine the user's account realm if it is not already known by other means, such as query string parameters or cookies. The sign-in page uses the state information that the Hypertext Transfer Protocol (HTTP) module sets to interact with the home realm discovery service.
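The lookup order described above, as an added example that is not AD FS code: take the realm from the query string, then from a cookie, and fall back to prompting the user on the sign-in page. It assumes the WS-Federation `whr` home realm parameter; the cookie name, the realm identifiers and the function name are hypothetical. Both inputs come from the browser, so a value is accepted only if it names a configured claims provider.

```python
from http.cookies import CookieError, SimpleCookie
from urllib.parse import parse_qs, unquote

# Assumption: identifiers of the claims providers this federation server trusts.
TRUSTED_REALMS = frozenset({
    "urn:federation:contoso",
    "http://sts.fabrikam.example/adfs/services/trust",
})
# Hypothetical name of the cookie that remembers an earlier realm choice.
REALM_COOKIE = "HomeRealmChoice"


def resolve_home_realm(query_string, cookie_header, trusted=TRUSTED_REALMS):
    """Return (realm, source); realm is None when the sign-in page must ask."""
    # 1. Query string parameter (whr in WS-Federation passive sign-in).
    values = parse_qs(query_string.lstrip("?")).get("whr", [])
    # A repeated parameter is ambiguous, so it is ignored rather than guessed.
    if len(values) == 1 and values[0] in trusted:
        return values[0], "query"

    # 2. Cookie set on a previous visit (stored URL-encoded in this example).
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        jar = SimpleCookie()  # malformed header: treat as no cookie
    morsel = jar.get(REALM_COOKIE)
    if morsel is not None and unquote(morsel.value) in trusted:
        return unquote(morsel.value), "cookie"

    # 3. Realm still unknown: the sign-in page interacts with the user.
    return None, "prompt"


if __name__ == "__main__":
    # Constructed sample requests.
    print(resolve_home_realm("?wa=wsignin1.0&whr=urn%3Afederation%3Acontoso", ""))
    print(resolve_home_realm("wa=wsignin1.0",
                             "HomeRealmChoice=urn%3Afederation%3Acontoso"))
    print(resolve_home_realm("whr=urn:federation:unknown", ""))
```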