AD FS 2.0, out of the box, supports four local authentication types:
By default AD FS 2.0 Federation Servers use IWA and AD FS 2.0 Federation Server
Proxy servers use FBA. The reason for this is because we assume that you would prefer no credential prompt for your internal users who can directly contact your internal Federation Servers, and we also assume that users who
are coming from the internet via the Federation Server Proxy servers would not be able to experience integrated Windows authentication, thus a customizable forms-based page is the best fit.
If you prefer to select a non-default local authentication type, perform the following steps:
Note: There is no need to restart IIS or make any further changes. Your change will be immediately picked up by IIS since you edited the web.config.
If I want to change the local authentication type for my internal Federation Servers from IWA to FBA, the resultant web.config section would look like this:
<add name="Forms" page="FormsSignIn.aspx" />
<add name="Integrated" page="auth/integrated/" />
<add name="TlsClient" page="auth/sslclient/" />
<add name="Basic" page="auth/basic/" />
Windows Identity Foundation (WIF): How to Utilize the WS-Federation WAUTH Parameter to Specify an Authentication Type