Enabled—Specifies that the application is enabled. Clear the check box to disable the application.

Display name—Provides a space for you to type the friendly name of the application.

Application URL—Provides a space for you to type the Uniform Resource Locator (URL) for the application. The application URL is generally the root of the tree of Active Directory Federation Services (AD FS)–protected content. The configured value must match the return URL, which is configured in the AD FS Web Agent.

Public Key Infrastructure (PKI)—When you select this option, the Federation Service uses its token-signing certificate to protect security tokens for this application.

Domain service account—When you select this option, the Federation Service uses a Kerberos request to protect security tokens for this application. If you select this option, you must specify a service principal name (SPN) for the target service account.

For the AD FS Web Agent for claims-aware applications, the SPN must be registered for the application pool identity for the protected application, for example, www/sales.treyresearch.net.

For the AD FS Web Agent for Windows NT token–based applications, the SPN must be registered for the service account of the AD FS Web Agent Authentication Service (typically, the machine account, except in farmed designs), for example, host/sales.
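To check the SPN requirement described above, the following added example (not part of the original documentation) looks up which account holds an SPN and flags a missing, duplicated, or misassigned registration. The account names `svc-salesapp` and `SALES$` are assumptions for illustration, and the search covers only the current domain.

```powershell
# Added example: confirm an SPN is registered on exactly one account,
# and that it is the account the protected application runs as.

function Get-SpnOwner {
    param([Parameter(Mandatory)][string]$Spn)

    # Escape LDAP filter metacharacters (RFC 4515) before building the filter.
    $escaped = $Spn -replace '\\', '\5c' -replace '\*', '\2a' `
                    -replace '\(', '\28' -replace '\)', '\29'

    # [adsisearcher] binds to the current domain by default.
    $searcher = [adsisearcher]"(servicePrincipalName=$escaped)"
    $searcher.PageSize = 1000
    [void]$searcher.PropertiesToLoad.Add('samaccountname')
    [void]$searcher.PropertiesToLoad.Add('distinguishedname')

    foreach ($result in $searcher.FindAll()) {
        [pscustomobject]@{
            Account = [string]$result.Properties['samaccountname'][0]
            DN      = [string]$result.Properties['distinguishedname'][0]
        }
    }
}

function Test-SpnRegistration {
    param(
        [Parameter(Mandatory)][string]$Spn,
        [Parameter(Mandatory)][string]$ExpectedAccount
    )

    $owners = @(Get-SpnOwner -Spn $Spn)

    if ($owners.Count -eq 0) {
        "MISSING: $Spn is not registered on any account"
    } elseif ($owners.Count -gt 1) {
        # A duplicate SPN makes Kerberos ticket requests for the service fail.
        "DUPLICATE: $Spn is registered on $($owners.Account -join ', ')"
    } elseif ($owners[0].Account -ne $ExpectedAccount) {
        "WRONG ACCOUNT: $Spn is on $($owners[0].Account), expected $ExpectedAccount"
    } else {
        "OK: $Spn is registered on $ExpectedAccount"
    }
}

# Claims-aware application: SPN on the application pool identity (assumed name).
Test-SpnRegistration -Spn 'www/sales.treyresearch.net' -ExpectedAccount 'svc-salesapp'
# Windows NT token-based application: SPN on the machine account (assumed name).
Test-SpnRegistration -Spn 'host/sales' -ExpectedAccount 'SALES$'
```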

