Key components that you need to figure out before federating your Windows Azure web role with your domain Active Directory.

by wenyuz 5. August 2011 14:53

If you are not sure what all the settings are, federating your first web application in Windows Azure with your domain ADFS can be very painful. There are a couple of key components that you need to watch out for to ensure that this process is successful.

  1. Proper realm settings. When you add the STS reference, the realm is one of the fields that you need to enter. It is how ADFS identifies which web application the request is coming from, so that after authentication it can redirect to the return URL that you have set up with the ADFS federation service. So when you put in a request to your ADFS setup team, make sure the realm is entered correctly to prevent delays.
  2. Return URLs. This is most likely just the domain of the web application, not a specific page, so you will probably need to put the code that consumes the claims in your default page.
  3. Put in a request to your ADFS setup team to have the claim types that you need set up properly, so that you can consume them in your web role.
  4. Access level. You need to ensure that the access level your ADFS setup team configures for your particular onboarding is broad enough to fit your needs. They can probably set up the access level at a security group level, for all corp net users, or for only a specific set of users/service accounts.
  5. SSL. You have to ensure that you have an SSL certificate installed in your application, and when you request the SSL certificate make sure it is specific to your particular cloudapp. At deployment, you need to import it into your own personal certificate store, then export it with the private key and upload it into the Windows Azure hosted service's certificates. If the certificate is chained, you either need to break the chain or include all the certificates in the chain when you do the export from your personal certificate store.
  6. In your web role, you need to include the Microsoft.IdentityModel DLL. But only setting the property to Copy Always is definitely not enough: the web application needs Microsoft.IdentityModel in the GAC as well as in the bin directory. So you need to follow the steps in this blog: to ensure that Microsoft.IdentityModel is installed in the GAC when you deploy the web role. The basic steps are to add a startup cmd file, and then include gacutil.exe in the project along with the startup cmd file, so that at deployment time Microsoft.IdentityModel is installed into the GAC and the web role runs properly.
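As an added example (not from the original post), here is the WIF 3.5 `microsoft.identityModel` section of a web.config showing where the realm, return URL and SSL settings from items 1, 2 and 5 end up. The app URL `https://myapp.cloudapp.net/`, the ADFS host `adfs.contoso.com` and the signing-certificate thumbprint are assumed placeholders, not values from the post.

```xml
<configuration>
  <configSections>
    <!-- Registers the WIF 3.5 config section; the assembly must resolve from the GAC (item 6). -->
    <section name="microsoft.identityModel"
             type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>

  <microsoft.identityModel>
    <service>
      <!-- Item 1: the realm you gave the ADFS team. WIF rejects any token whose audience
           does not match an entry here, so it must be byte-for-byte the same string. -->
      <audienceUris>
        <add value="https://myapp.cloudapp.net/" />
      </audienceUris>

      <federatedAuthentication>
        <!-- realm = what ADFS uses to identify this app; reply = item 2's return URL.
             requireHttps="true" means the redirect to ADFS only ever happens over SSL (item 5). -->
        <wsFederation passiveRedirectEnabled="true"
                      issuer="https://adfs.contoso.com/adfs/ls/"
                      realm="https://myapp.cloudapp.net/"
                      reply="https://myapp.cloudapp.net/"
                      requireHttps="true" />
        <!-- The session cookie that carries the claims is only sent over SSL. -->
        <cookieHandler requireSsl="true" />
      </federatedAuthentication>

      <!-- Only tokens signed by the ADFS token-signing certificate are accepted.
           THUMBPRINT_PLACEHOLDER must be replaced with the real thumbprint from your ADFS team. -->
      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <trustedIssuers>
          <add thumbprint="THUMBPRINT_PLACEHOLDER" name="https://adfs.contoso.com/adfs/services/trust" />
        </trustedIssuers>
      </issuerNameRegistry>

      <!-- Validate the chain of the signing certificate rather than trusting any presented cert. -->
      <certificateValidation certificateValidationMode="ChainTrust" revocationMode="Online" />
    </service>
  </microsoft.identityModel>
</configuration>
```

The `audienceUris` entry and the `realm` attribute are the two places a realm typo shows up as a failed sign-in, so check them first when the ADFS redirect succeeds but the token is rejected.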
