
AD FS Claims Provider Trust

This video looks at the theory of a claims provider trust. To have a trust in Federation Services, both a relying party trust and a claims provider trust need to be created.


Trusts in AD FS
In the previous video, a relying party trust was created in the ITFreeTraining domain. The configuration in this trust is used to create claims. These claims are sent to the HighCostTraining domain’s Active Directory Federation Server. The claims provider trust is the configuration that is created on that server, and it determines what happens when a claim is presented to that server. It may seem that the claims provider trust should be on the ITFreeTraining side. However, the claim has already been created by that point, so the next step is a set of rules that determine what to do when the claim arrives at the server. That is, the claims provider trust is, essentially, the configuration that is used when a claim is presented to that server. If you get confused about where the claims provider trust needs to be created, work out which servers accept claims; the configuration needs to be created there.

Claims Provider Trust
The configuration for the claims provider trust is only one rule, in contrast to the relying party trust, which has 3 rules. The rule decides which claims are accepted and also allows the data in those claims to be changed.
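
As an added example (not taken from the video or its handout), this is one way the accepting side could be configured in PowerShell so that only expected claims are accepted and one value is changed on the way in. The trust name, metadata URL, the `itfreetraining.example` suffix and the group and role values are assumptions made for illustration.

```powershell
# Run on the federation server that ACCEPTS the claims
# (the HighCostTraining server in this page's scenario).
# Assumed for illustration: trust name, metadata URL, UPN suffix,
# and the "Students" / "PartnerStudent" values.

# Acceptance transform rules, written in the AD FS claim rule language.
# A single-quoted here-string keeps PowerShell from expanding anything inside.
$rules = @'
@RuleName = "Accept UPN only with the partner's own suffix"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
   Value =~ "(?i)^[^@]+@itfreetraining\.example$"]
 => issue(claim = c);

@RuleName = "Change partner group claim into a local role claim"
c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value == "Students"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
          Value = "PartnerStudent");
'@

# Create the claims provider trust from the partner's federation metadata
# and attach the acceptance rules to it.
Add-AdfsClaimsProviderTrust -Name 'ITFreeTraining' `
    -MetadataUrl 'https://adfs.itfreetraining.example/FederationMetadata/2007-06/FederationMetadata.xml' `
    -AcceptanceTransformRules $rules

# Review exactly what this server will accept from the partner.
(Get-AdfsClaimsProviderTrust -Name 'ITFreeTraining').AcceptanceTransformRules
```

An incoming claim that matches no rule is not issued, so a UPN carrying any other suffix, or a group other than `Students`, never reaches the relying party side.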
