Using ADFS 2 with Live Id as a Claims provider

Question

Has anyone succeeded in configuring ADFS2 to use Live Id (or Google, Yahoo etc) as a Claims provider, and if so where did you get the configuration instructions (can you share them please) I have previously manged to do this with ACS in Azure to connect to Live Id and ADFS, but would like use ADFS as the "HUB"

Answer 1

AD FS 2.0 itself does not allow authentication against a custom authentication store: it can only authenticate Active Directory accounts. (See this answer of mine for the official documentation at this point.)

A solution is suggested in an answer to another StackOverflow question, although the wording is a bit misleading. If you read the actual blog post you see that they add an extra STS. AD FS 2.0 has a 'Claims Provider Trust' for that other STS, and redirects to it (if the 'home realm discovery' is set up correctly). That other STS then performs the authentication in whichever way it likes (e.g., using a Google or Live account), sends a token back to AD FS, which then runs its claim rules.

So in that solution it is not AD FS 2.0 authenticating against an alternative store, but redirecting to an STS which authenticates against that store.