Enable AD FS Web Agent—Specifies whether the Active Directory Federation Services (AD FS) Web Agent for Windows NT token–based applications is enabled. Select the check box to enable the AD FS Web Agent. Clear the check box to disable the AD FS Web Agent.

Cookie path—Provides a space for you to type a path to the location where the cookie is stored for Windows NT token–based application resources. If this information is not provided, the cookie path defaults to a path for the site: “/”.


An incorrect cookie path can result in the browser going into an infinite redirection loop. This applies to both claims-based applications and Windows NT token–based applications.

Cookie domain—Provides a space for you to type the domain for which the cookie is valid.

Return URL—Provides a space for you to type the Uniform Resource Locator (URL) to which the client is to be returned after authentication is complete. Typically, this is the same page that the client originally tried to retrieve. In addition, this URL must match the Audience element of the token. The Windows service checks for the Audience element.