The Active Directory Federation Services Proxy Microsoft Management Console (MMC) snap-in is installed when you install the Federation Service Proxy component in Add or Remove Programs in Windows Server 2003 R2 or when you use the Add Roles Wizard in Windows Server 2008 or Windows Server 2008 R2. You can use the Active Directory Federation Services Proxy snap-in to:
-
Configure the Federation Service that this federation server proxy is acting as a proxy for.
-
Determine how to collect user credential information from browser clients and Web applications.
The settings in the Active Directory Federation Services Proxy snap-in are stored in the Web.config file in the Federation Service Proxy virtual directory.
Federation Service Proxy node
The Federation Service Proxy node in the snap-in's console tree hierarchy represents the current federation server proxy settings. You control the local federation server proxy configuration through this node in the Active Directory Federation Services Proxy snap-in. The actual client authentication certificate with the private key is present in the local computer personal certificate store.
Active Directory Federation Services (AD FS) distinguishes between the local configuration for a federation server proxy and the trust policy configuration that is shared among all servers in the federation server farm. The local proxy configuration is stored in the Web.config file, and it includes the following items:
-
The Federation Service Uniform Resource Locator (URL)
-
The client authentication certificate to be used by the federation server proxy for Transport Layer Security and Secure Sockets Layer (TLS/SSL) communication with the Federation Service
-
Microsoft ASP.NET Web pages