This topic describes how to configure your SharePoint Server 2007 alternate access mapping (AAM) application and Active Directory Federation Services (AD FS) 2.0 server to allow users to access your SharePoint 2007 AAM application using AD FS 2.0.


SharePoint Server 2007 must be installed on a server running Windows Server 2008 or Windows Server 2008 R2. Windows Identity Foundation and Microsoft Federation Extensions for SharePoint 3.0 are not supported on previous versions of Windows Server.

Before configuring your SharePoint 2007 AAM application to use AD FS 2.0 authentication, make sure that you have installed the following:

Plan your AAM configuration if it is a new application or an existing application, in particular, make sure that the AAM name that you publish through Forefront UAG is the same as the relying party that you configure on the AD FS 2.0 server.

To configure a SharePoint AAM application with claims-based authentication

  • Use Federated Document Collaboration Using Microsoft Office SharePoint Server 2007 and AD FS 2.0 ( as a guide to configure your SharePoint Server 2007 to use claims-based authentication.

    • The document uses specific names, based on a virtual lab that you can also download. Make sure that you enter server and application names appropriate to your organization.

    • When you configure the claim rules that the AD FS 2.0 server sends to the SharePoint site (Step 3 in the document), use the Pass Through or Filter an Incoming Claim template, as described in Configure the SharePoint server as a relying party of the Federation Service.

    • When you configure access to the SharePoint site (Step 4 in the document), when adding users, you must enter the user details according to the format of the claim value of the claim type that you configured for the SharePoint claim-based application. For example, contoso\user, or