I am looking for some instructions to go along with the ADFS Diagnostics tool (using this on Server 2008 and I didn't see an ADFS forum).I think this comes down to my lack of knowledge on ADFS, but I have the situation as follows:servera.domaina.com hosts a sharepoint site that has been extended to the extranet zone for remote accessserverb.domaina.com hosts the ADFS on the domainA sideservera.domainb.com is where I want to allow access to the extranet siteSo in this scenario which would be the FS-A, FS-R, or Web Agent? Any help would be appreciated.

Hi, For your scenario, serverb.domaina.com is FS-A; FS-R is servera.domaina.com; In a typical transaction, an account-side FS (FS-A) retrieves user attributes from Active Directory, authenticates the user against Active Directory, generates a collection of claims for use in the access request, and issues a security token which includes the appropriate claims. Claims are statements made about users, understood by both parties in a federation, that are used for authorization purposes in an application (e.g, if Joe is a manager, then Joes access request may include the manager claim, which results in certain access rights). Based on the type of client, the FS-A returns the security token either to the FS Proxy or to the client. A second FS at the resource (FS-R) validates the token for authenticity, then consumes the token, passing the enclosed claims to an application for use in making authorization decisions. I also search the following resources about ADFS. I list them here and hope these would be helpful: Need help Troubleshooting ADFS? Check out the ADFS Diag Tool... http://blogs.technet.com/adfs_documentation/ ADFS Product Support Blog http://blogs.technet.com/adfs/ Introduction to Active Directory Federation Services http://www.microsoft.com/windowsserver2003/techinfo/overview/adfsoverview.mspx

Thanks.