ADFS 2.0 on Windows 2008 R2 question
Hello
I am new to ADFS. I know that with ADFS you can enable SSO between different organizations, but that is about it.
I need to build an SSO that can use SAML 2.0. I heard ADFS 2.0 can support SAML 2.0.
This is what I need to achieve:
Set up a Windows 2008 R2 ADFS 2.0 on LAN (server name: ADFS1), set up an ADFS 2.0 proxy server (server name: ADFS-proxy) on DMZ, and support SAML 2.0. Local users want to access a 3rd party web site (on the internet) that supports SAML 2.0.
Questions:
1. When I add the ADFS 2.0 role on Windows 2008 R2, I have the following options: Federation Server, Federation Service Proxy, ADFS Web Agents, claims-aware agent, Windows token-based agent. Do I need them all on the ADFS1 server, or just some of them?
2. For ADFS-Proxy, I found this TechNet article (http://technet.microsoft.com/en-us/library/dd807130(WS.10).aspx). I think I will follow the directions in it, but I still do not know what port I need to open between DMZ and LAN. What/which ports do I need to open?
Thanks
September 24th, 2010 8:29pm
Hello Edoardo,
Thank you for your help.
One more question: when I set up certification, do I need them on both ADFS1 and ADFS-proxy, or do I need it only on the ADFS-proxy server?
If I need them on both ADFS1 and ADFS-proxy, when I request a 3rd party cert, what subject name should I use?
My guess is I just need to install 3rd party certs on ADFS-proxy, but ADFS1 keeps asking for a cert to be installed.
Thanks,
September 27th, 2010 1:27pm
Hello Edoardo,
I found the answer by myself. (http://technet.microsoft.com/en-us/library/dd807055(WS.10).aspx)
Thank you!
September 27th, 2010 4:52pm


