You need to install a single instance of the Federation Server per domain. So in your case since Machine A and Machine B are on the same domain,
you can just install the federation-server.ear file on any one of them.
You need to install jboss-sso.sar on both machines though.
Just make sure in the jboss-sso.sar/conf/sso.cfg.xml you point to the Trust Server (which is the Federation Server also)
<!-- sso processor for SingleSignOn, the default JBossSingleSignOn processor uses OpenSAML-1.0, the next version of this processor will use the latest SAML specification --> <sso-processor> <processor class="org.jboss.security.saml.JBossSingleSignOn"> <property name="trustServer">http://node1.jboss.com:8080/federate/trust</property> </processor> </sso-processor>
Here make sure the trust server points to the url where the federation server is installed.
Just to clarify the binaries:
jboss-federation-server.ear is the federation server (one per domain)
jboss-federation-server-exploded.ear is same but exploded ear file
jboss-sso.sar - sso service archive (must be installed on all partner instances)