Install the Federation Service Proxy Role Service

Applies To: Windows Server 2008

After you configure a computer with the prerequisite applications and certificates, you are ready to install the Federation Service Proxy role service of Active Directory Federation Services (AD FS). You can use the following procedure to install the Federation Service Proxy role service. When you install the Federation Service Proxy role service on a computer, that computer becomes a federation server proxy.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To install the Federation Service Proxy role service

  1. Click Start, point to Administrative Tools, and then click Server Manager.

  2. Right-click Roles, and then click Add Roles to start the Add Roles Wizard.

  3. On the Before You Begin page, click Next.

  4. On the Select Server Roles page, click Active Directory Federation Services. Click Next two times.

  5. On the Select Role Services page, select the Federation Service Proxy check box, and then click Next.

Note

If you are prompted to install additional Web Server (IIS) or Windows Process Activation Service role services, click Add Required Role Services to install them, and then click Next.

  1. On the Specify Federation Server page, type the URL of a valid Federation Server, and then click Next. To verify that this federation server proxy can contact the federation server, click the Validate button.

  2. On the Choose a Client Authentication Certificate page, do one of the following:

    • If you want to use an existing client authentication certificate that has already been added to the certificate store on the local computer, click Choose an existing client authentication certificate, highlight the appropriate certificate in the list, and then click Next.

    • If you want Setup to create a new, self-signed, client authentication certificate for this federation server proxy and add it to the personal store of the local computer, click Create a self-signed client authentication certificate, and then click Next.

  3. After verifying the information on the Confirm Installation Selections page, click Install.

  4. On the Installation Results page, verify that everything installed correctly, and then click Close.

Additional references

Checklist: Installing a Federation Server Proxy