How to configure ADFS 2.0 to send SAML 2.0 token when using WS-Federation

Question

I have a related party application that can accept SAML 1.0 and 2.0 over WS-Federation. I configured my claims and trust relationship manually and everything works as expected.

I inspected the token being passed and realized it is SAML 1.1 token. (saml:Assertion element has MajorVersion and MinorVersion set to 1).

I re-ran "Add Relying Party Trust Wizard" and made sure I that selected "AS FS Profile" under "Choose Profile" - as it specifically mentions SAML 2.0 Protocol (which as I understand is not the same think as SAML 2.0 token being passed withing WS-Federation protocol, but seemed hopeful). I also combed through all remaining settings and I cannot see a setting to select token type.

How do you choose between SAML 1.0 and SAML 2.0 token when you configure Trust Relationship in ADFS?

I am actually not 100% sure which version of ADFS I am using, but "ADFS Management" shows version 6.2.0.0

Answer 1

"MMC; Help; About AD FS Management" shows the version indeed. It show the OS version. And Starting with S2012 ADFS is one-to-one linked with the OS version. You are probably on S2012 because 6.2 is S2012.

ADFS never wanted to send SAML2 Tokens to its WS-* Relying parties. ADFS always did stick to the SAML1 Tokens. SAML2 protocol mandates SAML2 Tokens. WS-* does not mandate them, and for backward compatibility and for other interop agreements they left it at SAML1 tokens?

Any specific reason why you would want a SAML2 Token? A regular WIF app will not notice the difference.