Issue adding relying party - An error occurred during an attempt to read the federation metadata RSS feed

  • Question

  • Hi,

    I followed this guide to set up an ADFS 2.0 lab environment. The only difference that I have is that I did not set up the ADFS server and the WIF application to be on the same box but rather on 2 different.

    My server configuration is as follows:

    • Server 1 - win 2008 R2 - Domain Controller, DNS
    • Server 2 - win 2008 R2 - CA, ADFS
    • PC 3 - win 7 - Development environment

    I successfully created my ADFS configuration STS and could add that as a STS reference in the .Net application in Visual Studio 2008 on my dev environment. I then needed to configure the WIF application to be a valid Trusted Relying Party and followed these steps:

    1. Created an SSL certificate request
    2. Submitted an SSL request and issued it via the CA
    3. Installed it on the Development environment
    4. Ran the ADFS 2.0 'Add Relying Party Trust Wizard'
    5. Got stuck with trying to find the Federation metadata address of the dev environment

    No matter what URL I put in https://win7dev.mydomain.com/ClaimsAwareWebAppWithManagedSTS (is what it is on my dev environment IIS), I just cannot seem to get this going.


    I can run my app now from the ADFS box by connection to https://win7dev.mydomain.com/ClaimsAwareWebAppWithManagedSTS but that url would just not work when adding as a trusted relying party :(


    Could a certificate mismatch error be the problem?

    Thanks

    Mike


    Sunday, 20 February 2011 14:59

All Replies

  • That sounds like the most likely cause from what you described. I'm only partially familiar with ADFS, but I'm learning, so the more advice I can provide. But anyway, yes, you should ensure that both servers are in trust of the same cert, or you could run into issues.
    • Proposed as answer by MJLongman Friday, 8 June 2012 15:10
    Thursday, 12 January 2012 06:43
  • Hello,

    for AD FS questions the better forum is http://social.msdn.microsoft.com/Forums/en-US/geneva/threads/


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Thursday, 12 January 2012 07:28
  • Too late but I think this is still a problem in ADFS 4.

    While creating the AWS Relying party trust and putting the url for the aws metadata, if you get the following error: "An error occurred to read the federation data. Verify the proxy settings...." Then:

    Do it with a command line:
    Add-AdfsRelyingPartyTrust -Name "My App URL" -MetadataUrl "metadataURL"

    Example: for AWS SSO use:

    Add-AdfsRelyingPartyTrust -Name "AWS SSO" -MetadataUrl "https://signin.aws.amazon.com/static/saml-metadata.xml"

    https://docs.microsoft.com/en-us/archive/blogs/pie/adfs-2016-cannot-addupdate-relying-party-from-the-gui-from-metadata-files


    Tuesday, 3 March 2020 06:38
  • This could be a GUI problem. I have solved this via setting up trust with AWS SAML using PowerShell

    Add-AdfsRelyingPartyTrust -Name "my app" -MetadataUrl "<Metadata-URL>"
    Update-AdfsRelyingPartyTrust -TargetName "my app"

    https://docs.microsoft.com/en-us/archive/blogs/pie/adfs-2016-cannot-addupdate-relying-party-from-the-gui-from-metadata-files

    Wednesday, 4 March 2020 07:14
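As an added example (not code posted in this thread), the script below first checks whether the AD FS server can validate the relying party's TLS certificate, which is the "certificate mismatch" the question suspects and which the wizard reports only as a generic metadata read error, and then adds the trust with the cmdlets the later replies use. It assumes the metadata sits at the standard WIF path under the original poster's app URL; the trust name is constructed.

```powershell
# Added example; run on the AD FS server with the AD FS PowerShell cmdlets loaded.
# Assumptions: standard WIF metadata path under the OP's app URL, constructed trust name.
param(
    [string]$Name        = "ClaimsAwareWebApp",
    [string]$MetadataUrl = "https://win7dev.mydomain.com/ClaimsAwareWebAppWithManagedSTS/FederationMetadata/2007-06/FederationMetadata.xml"
)

# Step 1: fetch the metadata exactly as AD FS will, with full chain and hostname
# validation. A lab CA that is not in this server's Trusted Root store, or a cert
# whose subject does not match the DNS name, fails here with a clear message.
function Test-MetadataEndpoint {
    param([string]$Url)
    try {
        $req  = [System.Net.HttpWebRequest]::Create($Url)
        $resp = $req.GetResponse()
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $req.ServicePoint.Certificate
        $resp.Close()
        [pscustomobject]@{ Reachable = $true;  Subject = $cert.Subject; Issuer = $cert.Issuer
                           NotAfter  = $cert.NotAfter; Error = $null }
    } catch {
        # Chain or name failures surface as "Could not establish trust relationship ..."
        [pscustomobject]@{ Reachable = $false; Subject = $null; Issuer = $null
                           NotAfter  = $null;  Error = $_.Exception.Message }
    }
}

$check = Test-MetadataEndpoint -Url $MetadataUrl
$check | Format-List
if (-not $check.Reachable) {
    # Fix the trust problem (import the issuing CA, correct the cert's DNS name) rather
    # than disabling validation: AD FS re-fetches this URL on every monitoring cycle.
    Write-Warning "Metadata endpoint not trusted by this server; fix the certificate before adding the trust."
    return
}

# Step 2: the command-line route from the replies above. Monitoring plus auto-update
# keep the trust aligned with whatever the relying party publishes later.
if (-not (Get-AdfsRelyingPartyTrust -Name $Name)) {
    Add-AdfsRelyingPartyTrust -Name $Name -MetadataUrl $MetadataUrl `
        -MonitoringEnabled $true -AutoUpdateEnabled $true
}
Update-AdfsRelyingPartyTrust -TargetName $Name

# Step 3: confirm the trust exists and that metadata was actually read.
Get-AdfsRelyingPartyTrust -Name $Name |
    Select-Object Name, Identifier, MetadataUrl, LastMonitoredTime, Enabled
```

A populated LastMonitoredTime and the expected Identifier (the relying party's realm URI) confirm the metadata was parsed; an empty Identifier means the wizard and the cmdlet read nothing usable from that URL.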