The Wingtip Toys forest hosts a web application that users in the Tailspin Toys forest need to
access. You are the system administrator at Tailspin Toys. A single federation server is present in
each forest and you are configuring a federated trust.
Which of the following statements are true about the deployment solution? (Choose all that
apply.)
A. The AD FS server in the Wingtip Toys forest will function as the claims-provider server.
B. The AD FS server in the Wingtip Toys forest will function as the relying-party server.
C. You need to configure a relying-party trust on the AD FS server in the Tailspin Toys forest.
D. You need to configure a claims-provider trust on the AD FS server in the Tailspin Toys forest.
B
C
Correct, they change the system administrator role around to the other company, Wingtip Toys… so take note of which side you sit on.
It's B and D, sorry.
??
Are you sure?
Claim-provider is where the users exist?
RP the resources? Or am I mistaken?
B and C.
Wingtip is the relying party and hosts the resource, and the Wingtip ADFS server is a Relying Party server.
The Wingtip server also needs a Claims-provider trust to trust the claims coming from Tailspin.
Tailspin is the Claims-provider, and hosts the users submitting the claims. The Tailspin ADFS server is a Claims-provider server.
The Tailspin server needs a Relying party trust to trust the relying server at Wingtip.
Source: CBT Nug.
https://technet.microsoft.com/en-us/library/ee913566.aspx
In the AD FS Management snap-in, claims provider trusts are trust objects typically created in resource partner organizations to represent the organization in the trust relationship whose accounts will be accessing resources in the resource partner organization.
That would translate to a claims provider trust in Wingtip, not a possible answer and you’re not a Wingtip administrator.
In the AD FS Management snap-in, relying party trusts are trust objects typically created in:
Account partner organizations to represent the organization in the trust relationship whose accounts will be accessing resources in the resource partner organization. (accounts from Tailspin accessing resources in Wingtip)
Resource partner organizations to represent the trust between the Federation Service and a single web-based application.
Therefore, relying party trust created in Tailspin, answer C.
Concur with Mike: Wingtip is the relying party and hosts the resource, and the Wingtip ADFS server is a Relying Party server.
So together, that’s answer B and C
Wingtip is the “Relying party” which has the resources, and there you configure the “Claim provider trust” to signify that you are trusting Tailspin Toys forest users to access your resource.
Tailspin Toys is the “Claim Provider” which has the users, and there you configure the “Relying Party trust” to signify that you are sending claims about your users to a specific forest, in that case to Wingtip.
In ADFS questions, we should take care with the terms used. There is a difference between a relying-party server and a relying-party trust, and also a difference between a claim-provider server and a claim-provider trust.
In the scenario mentioned in the question:
Wingtip Toys will be relying-party since it will provide the resource.
Tailspin Toys will be claim-provider since it will provide the claim (not to be confused with the 2nd claim generated by relying-party to access the claim-aware web. Although one can argue according to the definition in Microsoft docs, it should be also a claim provider server too since it provides the 2nd claim. https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/technical-reference/understanding-key-ad-fs-concepts).
A relying-party trust should be created on both Wingtip and Tailspin (since both will provide claims). Note: relying-party trust is an object in ADFS used to configure the claims.
A claim-provider trust will only be created on Wingtip since it will consume the 1st claim. Note: claim-provider trust is an object created in ADFS with rules to accept the claims.
So the answers should be B, C.
A- No, Wingtip Toys is not the claims-provider server.
B- Yes.
C- Yes.
D- No, Tailspin will not consume any claims but generate them.
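
The two trust objects discussed in this thread, written out with the AD FS PowerShell cmdlets as an added example (not part of the original question or of any commenter's post). The host names `fs.tailspintoys.com` and `fs.wingtiptoys.com`, the trust display names, the UPN suffix and the function names are assumptions made for illustration.

```powershell
# Added illustration: host names, trust names and UPN suffix are assumed values.
$TailspinMetadata = 'https://fs.tailspintoys.com/FederationMetadata/2007-06/FederationMetadata.xml'
$WingtipMetadata  = 'https://fs.wingtiptoys.com/FederationMetadata/2007-06/FederationMetadata.xml'
$UpnClaim         = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'
$AccountClaim     = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname'

function New-TailspinRelyingPartyTrust {
    # Run on the Tailspin Toys AD FS server (account partner, where the users live).
    # Issue only the UPN looked up from Active Directory for the signed-in account.
    $issue = 'c:[Type == "' + $AccountClaim + '", Issuer == "AD AUTHORITY"] ' +
             '=> issue(store = "Active Directory", types = ("' + $UpnClaim + '"), ' +
             'query = ";userPrincipalName;{0}", param = c.Value);'
    # Permits every authenticated user; narrow to a group claim where policy requires it.
    $authz = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

    Add-AdfsRelyingPartyTrust -Name 'Wingtip Toys' -MetadataUrl $WingtipMetadata `
        -IssuanceTransformRules $issue -IssuanceAuthorizationRules $authz `
        -MonitoringEnabled $true -AutoUpdateEnabled $true
}

function New-WingtipClaimsProviderTrust {
    # Run on the Wingtip Toys AD FS server (resource partner, where the web app lives).
    # Accept a UPN only if it carries the partner's suffix, so the partner cannot
    # assert identities from any other namespace.
    $accept = 'c:[Type == "' + $UpnClaim + '", Value =~ "(?i)@tailspintoys[.]com$"] ' +
              '=> issue(claim = c);'

    Add-AdfsClaimsProviderTrust -Name 'Tailspin Toys' -MetadataUrl $TailspinMetadata `
        -AcceptanceTransformRules $accept `
        -MonitoringEnabled $true -AutoUpdateEnabled $true
}

function Show-FederationTrusts {
    # Run on either server after configuration to confirm what exists and is enabled.
    Get-AdfsRelyingPartyTrust   | Select-Object Name, Identifier, Enabled
    Get-AdfsClaimsProviderTrust | Select-Object Name, Identifier, Enabled
}

# Tailspin administrator (the role in the question):  New-TailspinRelyingPartyTrust
# Wingtip administrator:                              New-WingtipClaimsProviderTrust
# Not shown: the Wingtip-side relying party trust for the web application itself.
```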