ADFS 2.0 on Windows 2008 R2 question
Hello
I am new to ADFS. I know that with ADFS you can enable SSO between different organizations, but that is about it.
I need to build an SSO that can use SAML 2.0. I heard ADFS 2.0 can support SAML 2.0.
This is what I need to achieve:
Set up Windows 2008 R2 ADFS 2.0 on the LAN (server name: ADFS1), set up an ADFS 2.0 Proxy server (server name: ADFS-proxy) in the DMZ, and support SAML 2.0. Local users want to access a 3rd party web site (on the internet) that supports SAML 2.0.
Questions:
1. When I add the ADFS 2.0 role on Windows 2008 R2, I have the following options: Federation server, Federation Service Proxy, ADFS Web Agents, claims-aware agent, Windows token-based agent. Do I need them all on the ADFS1 server, or just some of them?
2. For ADFS-Proxy, I found this TechNet article (http://technet.microsoft.com/en-us/library/dd807130(WS.10).aspx). I think I will follow the directions in it, but I still do not know what ports I need to open between the DMZ and the LAN. Which ports do I need to open?
Thanks
September 24th, 2010 1:31pm
Hi,
answers:
1) you need to install on Federation Server on ADFS1.
2) for this question read carefully this Technet article
http://technet.microsoft.com/en-us/library/adfs2-troubleshooting-things-to-check(WS.10).aspx
HTH
Edoardo Benussi - Microsoft MVP
Management Infrastructure - Systems Administration
https://mvp.support.microsoft.com/Profile/Benussi
Windows Server Italian Forum Moderator
edo[at]mvps[dot]org
September 25th, 2010 11:55am


