This topic describes how to install the Active Directory Federation Services (AD FS) web agent on Forefront Unified Access Gateway (UAG).

To install the AD FS web agent

  1. On the Forefront UAG server, click Start, point to Administrative Tools, and then click Server Manager.

  2. Right-click Roles, and then click Add Roles to start the Add Roles Wizard.

  3. On the Before You Begin page, click Next.

  4. On the Select Server Roles page, click Active Directory Federation Services. Click Next twice.

  5. On the Select Role Services page, select the Windows Token-based Agent check box and then click Next.

  6. On the Specify Federation Server page, type the URL of the Federation Server, and then click Next. Do not click Validate.

  7. After verifying the information on the Confirm Installation Selections page, click Install.

  8. On the Installation Results page, verify that everything installed correctly, and then click Close.

  9. Make sure that the AD FS web agent can communicate with the AD FS server.

    1. On the Forefront UAG server, click Start, and then in the Start Search box, type inetmgr and press ENTER.

    2. In the Internet Information Services (IIS) Manager, in the navigation tree, click the server name.

    3. In the center pane, in the Other section, double-click Federation Service URL.

    4. Copy the URL and access it from a Web browser.

      You must be able to access the URL from a Web browser for Forefront UAG to work with AD FS.