Issue adding relying party - An error occurred during an attempt to read the federation metadata RRS feed

  • Question

  • Hi,

    I followed this guide to set up an ADFS 2.0 lab environment. The only difference that I have is that I did not set up the ADFS server and the WIF application to be on the same box but rather on 2 different.

    My server configuration is as follows:

    • Server 1 - win 2008 R2 - Domain Controller, DNS
    • Server 2 - win 2008 R2 - CA, ADFS
    • PC 3 - win 7 - Development environment

    I successfully created my ADFS configuration STS and could add that as an STS reference in the .Net application in Visual Studio 2008 on my dev environment. I then needed to configure the WIF application to be a valid Trusted Relying Party and followed these steps:

    1. Created an SSL certificate request
    2. Submitted an SSL request and issued it via the CA
    3. Installed it on the Development environment
    4. Ran the ADFS 2.0 'Add Relying Party Trust Wizard'
    5. Got stuck with trying to find the Federation metadata address of the dev environment

    No matter what URL I put in, https://win7dev.mydomain.com/ClaimsAwareWebAppWithManagedSTS (which is what it is in my dev environment IIS), I just cannot seem to get this going.

    I can run my app now from the ADFS box by connecting to https://win7dev.mydomain.com/ClaimsAwareWebAppWithManagedSTS, but that URL just will not work when adding it as a trusted relying party :(

    Could a certificate mismatch error be the problem?

    Thanks

    Mike

    Sunday, 20 February 2011 14:59

All replies

  • That sounds like the most likely cause from what you described. I'm only partially familiar with ADFS, but I'm learning, so the more advice I can provide. But anyway, yes, you should ensure that both servers are in trust of the same cert, or you could run into issues.
    • Proposed as answer by MJLongman Friday, 8 June 2012 15:10
    Thursday, 12 January 2012 06:43
  • Hello,

    For AD FS questions the better forum is http://social.msdn.microsoft.com/Forums/en-US/geneva/threads/


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Thursday, 12 January 2012 07:28
  • Too late but I think this is still a problem in ADFS 4.

    While creating the AWS relying party trust and putting in the URL for the AWS metadata, if you get the following error: "An error occurred to read the federation data. Verify the proxy settings...." then:

    Do it with a command line:
    Add-AdfsRelyingPartyTrust -Name "My App URL" -MetadataUrl "metadataURL"

    Example: for AWS SSO use:

    Add-AdfsRelyingPartyTrust -Name "AWS SSO" -MetadataUrl "https://signin.aws.amazon.com/static/saml-metadata.xml"

    https://docs.microsoft.com/en-us/archive/blogs/pie/adfs-2016-cannot-addupdate-relying-party-from-the-gui-from-metadata-files


    • Edited by Tarvinder91 Tuesday, 3 March 2020 06:40
    Tuesday, 3 March 2020 06:38
  • This could be a GUI problem. I have solved this via setting up trust with AWS SAML using PowerShell:

    Add-AdfsRelyingPartyTrust -Name "my app" -MetadataUrl "<Metadata-URL>"
    Update-AdfsRelyingPartyTrust -TargetName "my app"

    https://docs.microsoft.com/en-us/archive/blogs/pie/adfs-2016-cannot-addupdate-relying-party-from-the-gui-from-metadata-files

    • Edited by Tarvinder91 Wednesday, 4 March 2020 07:14
    Wednesday, 4 March 2020 07:14
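As an added example (not code posted by anyone in this thread), the PowerShell route from the last two replies combined with the check the original poster was missing: confirming, from the ADFS server itself, that the metadata endpoint is reachable and that its HTTPS certificate chains to a CA the server trusts, since a name or chain mismatch at that step is what makes the wizard fail. The relying-party name and host name are placeholders, and the `/FederationMetadata/2007-06/FederationMetadata.xml` path is the usual WIF location and is an assumption here.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session on
# the ADFS server, where the ADFS module is available.
Import-Module ADFS

$RpName      = 'My App'   # placeholder display name for the trust
$MetadataUrl = 'https://rp.example.com/FederationMetadata/2007-06/FederationMetadata.xml'  # placeholder

# 1. Fetch the metadata from THIS host. The wizard uses the same trust store,
#    so an untrusted chain, wrong subject name or proxy issue shows up here first.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
try {
    $resp = Invoke-WebRequest -Uri $MetadataUrl -UseBasicParsing -ErrorAction Stop
} catch {
    Write-Error "Metadata fetch failed from this host: $($_.Exception.Message)"
    Write-Host  'Check DNS, the certificate chain in this machine''s store, and proxy settings.'
    return
}

# 2. Make sure the body really is SAML metadata before creating a trust from it
#    (an IIS error page or a redirect to a login page also returns HTTP 200).
[xml]$md = $resp.Content
if ($null -eq $md.EntityDescriptor) {
    Write-Error 'Response is not a SAML EntityDescriptor; wrong URL or an error page.'
    return
}
Write-Host "Metadata entityID: $($md.EntityDescriptor.entityID)"

# 3. Create the trust from the metadata, or point an existing one at the URL.
#    Monitoring/auto-update keeps endpoints and signing certs current when the
#    relying party rotates them.
if (-not (Get-AdfsRelyingPartyTrust -Name $RpName)) {
    Add-AdfsRelyingPartyTrust -Name $RpName -MetadataUrl $MetadataUrl `
        -MonitoringEnabled $true -AutoUpdateEnabled $true
} else {
    Update-AdfsRelyingPartyTrust -TargetName $RpName -MetadataUrl $MetadataUrl
}

# 4. Force a refresh from the metadata and show what ADFS recorded.
Update-AdfsRelyingPartyTrust -TargetName $RpName
Get-AdfsRelyingPartyTrust -Name $RpName |
    Select-Object Name, Identifier, MetadataUrl, MonitoringEnabled, LastMonitoredTime
```

A trust created this way has no issuance transform rules yet, so no claims are issued until you add them (for example with `Set-AdfsRelyingPartyTrust -IssuanceTransformRules`); that is a separate step from getting the metadata read, which is all the thread is about.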