A Windows NT token–based application is an Internet Information Services (IIS) application that has been written to use traditional Windows native authorization mechanisms. This type of application is not able to consume Active Directory Federation Services (AD FS) claims.

Membership in the Administrators local group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.

You can use the following procedure to add a Windows NT token–based application to the Federation Service trust policy.

To add a Windows NT token–based application
  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. In the console tree, double-click Federation Service, Trust Policy, and My Organization.

  3. Right-click Applications, point to New, and then click Application.

  4. On the Welcome to the Add Application Wizard page, click Next.

  5. On the Application Type page, click Windows NT token–based application, and then click Next.

  6. On the Application Details page, do the following, and then click Next:

    • In Application display name, type the name of the application.

    • In Application URL, type the Uniform Resource Locator (URL) of the application.


    This URL must match the return URL that is configured in the AD FS Web Agent for this application.

  7. On the Accepted Identity Claim page, select an identity claim type that the application will use to make authorization decisions, and then click Next:

    • If the application requires user principal name (UPN) identity claims to make authorization decisions, click User principal name (UPN).

    • If the application requires e-mail identity claims to make authorization decisions, click E-mail.

  8. If you do not want to enable the Windows NT token–based application now, on the Enable this Application page, clear the Enable this application check box, and then click Next.

  9. To add the new Windows NT token–based application and close the wizard, click Finish.