Proxy Server Configuration in Windows
Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups.
- There are two ways to start the AD FS Federation Server Configuration Wizard. To start the wizard, do one of the following:
- On the Start screen, type AD FS Federation Server Proxy Configuration Wizard, and then press ENTER.
- Anytime after the setup wizard is complete, open Windows Explorer, navigate to the C:\Windows\ADFS folder, and then double-click FspConfigWizard.exe.
- Using either method, start the wizard, and on the Welcome page, click Next.
- On the Specify Federation Service Name page, under Federation Service name, type the name that represents the Federation Service for which this computer will act in the proxy role.
- Based on your specific network requirements, determine whether you will need to use an HTTP proxy server to forward requests to the Federation Service. If so, select the Use an HTTP proxy server when sending requests to this Federation Service check box, under HTTP proxy server address type the address of the proxy server, click Test Connection to verify connectivity, and then click Next.
- When you are prompted, specify the credentials that are necessary to establish a trust between this federation server proxy and the Federation Service.
By default, only the service account used by the Federation Service or a member of the local BUILTIN\Administrators group can authorize a federation server proxy.
- On the Ready to Apply Settings page, review the details. If the settings appear to be correct, click Next to begin configuring this computer with these proxy settings.
- On the Configuration Results page, review the results. When all the configuration steps are finished, click Close to exit the wizard.
There is no Microsoft Management Console (MMC) snap-in to use for administering federation server proxies. To configure settings for each of the federation server proxies in your organization, use Windows PowerShell cmdlets.
Configuring an Alternate TCP/IP Port for Proxy Operations
By default, the federation server proxy service is configured to use TCP port 443 for HTTPS traffic and port 80 for HTTP traffic for communication with the federation server. To configure different ports, such as TCP port 444 for HTTPS and port 81 for HTTP, the following tasks must be completed.
If you intend to initially deploy AD FS to operate under alternate TCP/IP ports, you should first modify ports in your IIS protocol bindings for HTTP and HTTPS on both the federation server and federation server proxy computers. This should occur before you run the AD FS configuration wizards for initial configuration. If you configure Internet Information Services (IIS) first, your alternate TCP/IP port settings are discovered when wizard-based configuration occurs within AD FS, and the following procedure is not necessary. If you want to change the port settings later, update IIS protocol bindings first, and then use the following procedure to update port settings appropriately. For more information about editing IIS bindings, see article 149605 in the Microsoft Knowledge Base.
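Because the wizard discovers whatever ports IIS is bound to, it helps to confirm the bindings on both the federation server and the proxy before running it. The following pre-flight check is an added example, not part of the original procedure; it assumes AD FS is hosted in the IIS site "Default Web Site" and uses the 444/81 pair from the text as the intended ports. The names Get-BindingPort and Test-AlternatePortBinding are hypothetical helpers defined here.

```powershell
# Added example (not from the original page). Run in an elevated PowerShell
# session on the federation server and on each federation server proxy.
Import-Module WebAdministration

$SiteName      = 'Default Web Site'          # assumption: site that hosts AD FS
$ExpectedPorts = @{ https = 444; http = 81 } # example ports from the text

function Get-BindingPort {
    # bindingInformation has the form "IP:port:hostheader". An IPv6 address is
    # bracketed ("[::1]:444:"), so the port is taken from the end of the string.
    param([string]$BindingInformation)
    if ($BindingInformation -match ':(\d+):[^:]*$') { return [int]$Matches[1] }
    throw "Unrecognized bindingInformation: '$BindingInformation'"
}

function Test-AlternatePortBinding {
    # Returns one result object per protocol. Ok is true when the expected
    # alternate port is bound; DefaultStillBound flags a leftover 443/80 binding.
    param([string]$Site, [hashtable]$Expected)
    $defaults = @{ https = 443; http = 80 }
    foreach ($protocol in $Expected.Keys) {
        $ports = @(Get-WebBinding -Name $Site -Protocol $protocol |
                   ForEach-Object { Get-BindingPort $_.bindingInformation })
        [pscustomobject]@{
            Protocol          = $protocol
            BoundPorts        = $ports -join ','
            Expected          = $Expected[$protocol]
            Ok                = $ports -contains $Expected[$protocol]
            DefaultStillBound = $ports -contains $defaults[$protocol]
        }
    }
}

$results = Test-AlternatePortBinding -Site $SiteName -Expected $ExpectedPorts
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Ok }) {
    Write-Warning 'IIS bindings do not match the intended alternate ports; update them before running the AD FS configuration wizard.'
}
```

A row with DefaultStillBound set to True means the site still listens on 443 or 80 alongside the alternate port, which is worth reconciling with your firewall rules.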