Configure a Computer for the Federation Server Proxy Role

Applies To: Active Directory Federation Services (AD FS) 2.0

After you configure a computer with the required certificates and have installed the Active Directory Federation Services (AD FS) 2.0 software, you are ready to configure the computer to become a federation server proxy. You can use the following procedure so that the computer acts in the federation server proxy role.

Important

Before you use this procedure to configure the federation server proxy computer, make sure that you have followed all the steps in Checklist: Setting Up a Federation Server Proxy in the order that they are listed. Make sure that at least one federation server is deployed and that all the necessary credentials for authorizing a federation server proxy configuration are implemented. You must also configure Secure Sockets Layer (SSL) bindings on the Default Web Site, or this wizard will not start. All these tasks must be completed before this federation server proxy can function.

After you finish setting up the computer, verify that the federation server proxy is working as expected. For more information, see Verify That a Federation Server Proxy Is Operational.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
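
The prerequisites above can be checked from Windows PowerShell before the wizard is launched. The following is an added example, not part of the original Microsoft procedure: the function name Test-FspPrerequisite is hypothetical, and it assumes that the IIS WebAdministration module is installed and that the SSL certificate is in a LocalMachine certificate store.

```powershell
# Added example (not Microsoft's code). Test-FspPrerequisite is a hypothetical helper name.
# Assumes IIS with the WebAdministration module; run from an elevated PowerShell session.
function Test-FspPrerequisite {
    $wizard = 'C:\Program Files\Active Directory Federation Services 2.0\FspConfigWizard.exe'
    $checks = @()

    # Membership in the local Administrators group is the minimum required.
    $id      = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = (New-Object Security.Principal.WindowsPrincipal($id)).IsInRole(
                   [Security.Principal.WindowsBuiltInRole]::Administrator)
    $checks += New-Object PSObject -Property @{ Check = 'Elevated local Administrator'; Passed = $isAdmin }

    # The AD FS 2.0 software must be installed before the wizard can be run.
    $checks += New-Object PSObject -Property @{ Check = 'FspConfigWizard.exe present'; Passed = (Test-Path $wizard) }

    if ($isAdmin) {
        Import-Module WebAdministration

        # The wizard will not start without an SSL binding on the Default Web Site.
        $https = @(Get-WebBinding -Name 'Default Web Site' -Protocol https)
        $checks += New-Object PSObject -Property @{ Check = 'HTTPS binding on Default Web Site'; Passed = ($https.Count -gt 0) }

        # bindingInformation is "ip:port:hostheader"; the port is the second-to-last field.
        $ports = @($https | ForEach-Object { ($_.bindingInformation -split ':')[-2] })

        # Each binding on those ports needs a certificate that is in date and has a private key.
        $ssl    = @(Get-ChildItem IIS:\SslBindings | Where-Object { $ports -contains "$($_.Port)" })
        $certOk = $ssl.Count -gt 0
        $now    = Get-Date
        foreach ($b in $ssl) {
            $cert = Get-Item ("Cert:\LocalMachine\{0}\{1}" -f $b.Store, $b.Thumbprint) -ErrorAction SilentlyContinue
            if (-not $cert -or -not $cert.HasPrivateKey -or $cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
                $certOk = $false
            }
        }
        $checks += New-Object PSObject -Property @{ Check = 'SSL certificate valid with private key'; Passed = $certOk }
    }
    $checks | Select-Object Check, Passed
}

Test-FspPrerequisite | Format-Table -AutoSize
```

The IIS checks are skipped when the session is not elevated, because reading the IIS configuration requires administrative rights.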

To configure a computer for the federation server proxy role

  1. There are three ways to start the AD FS 2.0 Federation Server Configuration Wizard. To start the wizard, do one of the following:

    • On the Completed the AD FS 2.0 Setup Wizard page in the AD FS 2.0 Setup Wizard, a check box named Start the AD FS 2.0 Federation Server Proxy Configuration Wizard when this wizard closes is selected by default.

    • Click Start/Administrative Tools, and then click AD FS 2.0 Federation Server Proxy Configuration Wizard.

    • Anytime after the setup wizard is complete, open Windows Explorer, navigate to the C:\Program Files\Active Directory Federation Services 2.0 folder, and then double-click FspConfigWizard.exe.

  2. Using any of these methods, start the wizard, and on the Welcome page, click Next.

  3. On the Specify Federation Service Name page, under Federation Service name, type the name that represents the Federation Service for which this computer will act in the proxy role.

  4. Based on your specific network requirements, determine whether you will need to use an HTTP proxy server to forward requests to the Federation Service. If so, select the Use an HTTP proxy server when sending requests to this Federation Service check box, under HTTP proxy server address type the address of the proxy server, click Test Connection to verify connectivity, and then click Next.

  5. When you are prompted, specify the credentials that are necessary to establish a trust between this federation server proxy and the Federation Service.

    By default, only the service account used by the Federation Service or a member of the local BUILTIN\Administrators group can authorize a federation server proxy.

  6. On the Ready to Apply Settings page, review the details. If the settings appear to be correct, click Next to begin configuring this computer with these proxy settings.

  7. On the Configuration Results page, review the results. When all the configuration steps are finished, click Close to exit the wizard.

    There is no Microsoft Management Console (MMC) snap-in to use for administering federation server proxies. To configure settings for each of the federation server proxies in your organization, use Windows PowerShell cmdlets.

Additional references

Checklist: Setting Up a Federation Server Proxy