Directory Programming .NET

Active Directory and ADAM programming support for .NET developers

ADFS Web Agent and MOSS

Last post 06-13-2008, 1:17 PM by natebell. 8 replies.
  •  05-20-2008, 1:00 PM 3613

    ADFS Web Agent and MOSS

    Does anyone know if the web agent must be installed before MOSS is installed, or can MOSS be installed already and the web agent installed next?

    I have an existing MOSS server that needs to be made ADFS enabled.

  •  05-21-2008, 12:20 PM 3618 in reply to 3613

    Re: ADFS Web Agent and MOSS

    At this point I don't think it is an issue.  I have 100% pass on all my reports from the diag tool now for the MOSS, but I get a 404 now.

    I don't think the order of the install for MOSS and the web agent matters.

  •  05-21-2008, 12:30 PM 3624 in reply to 3618

    Re: ADFS Web Agent and MOSS

    I don't think it does either as long as you don't try to configure ADFS in MOSS before ADFS is installed.  :)
  •  05-21-2008, 12:41 PM 3629 in reply to 3624

    Re: ADFS Web Agent and MOSS

    I've been trying to follow the walkthroughs. My problem now is that my external site is using Windows auth instead of FBA, so I will have to go back and make sure the Extranet side of the MOSS is set up to do FBA.
  •  06-12-2008, 3:53 PM 3891 in reply to 3629

    Re: ADFS Web Agent and MOSS

    I have MOSS working in one partner, but I'm going to add a MOSS to another partner.

    I'm just not 100% sure on one issue.  A colleague was under the impression that the MOSS site could only be joined to the external domain because the external domain trusts the users from the other two.  However, it is my understanding that because MOSS is set up just like a .NET 2.0 app (claims app) then that shouldn't matter.

    I have .NET 2.0 apps in all three domains, and everyone can get to everything.  The caveat was that while the two internal domains are trusted by the external, the external is not trusted by the internals.  So I simply created my federation trusts to be internet based, not forest trust based.  After a few kinks of forgetting I had to specify the correct suffix, everything is working.

    MOSS should simply be a .NET 2.0-like app and so I should be able to set them up and not have shadow accounts or anything, because it's not a Windows token-based app.

    Is that correct?

  •  06-12-2008, 6:01 PM 3899 in reply to 3891

    Re: ADFS Web Agent and MOSS

    If you are using the claims-aware agent (the SSO membership provider), then the domain affiliation of the MOSS server does not matter at all since Windows security tokens are not used by the web app.
  •  06-13-2008, 8:17 AM 3915 in reply to 3899

    Re: ADFS Web Agent and MOSS

    That's what I thought, thanks Joe!
  •  06-13-2008, 12:12 PM 3925 in reply to 3915

    Re: ADFS Web Agent and MOSS

    I'm trying to set up the MOSS site as a claims agent, but I'm not able to add Organization Claims to the SharePoint group; searching for it doesn't return it.

    I've been reading these posts:

    http://blogs.technet.com/adfs/archive/2007/02/14/installing-moss-as-a-claims-aware-application-in-adfs.aspx

    http://blogs.technet.com/adfs/archive/2007/07/30/update-on-configuring-moss-as-a-claims-aware-application.aspx

    I must be missing something simple.  I enabled email claims because there is no forest trust.  There is an account store on the FS, but I'm not sure why that would matter.

  •  06-13-2008, 1:17 PM 3927 in reply to 3925

    Re: ADFS Web Agent and MOSS

    The MOSS site that is on the domain that trusts all my other domains is working; it has the org claim having access,

    i.e. singlesignonroleprovider2:moss contributer is the group that authorizes ADFS users.

    But the MOSS site that is on one of my internal domains won't let me select that org claim from the role provider; it only allows me to add groups from the trusted internal domains.

    Any ideas?
