I have installed a load-balanced set of VMs, both ADFS 3.0 and Web Application Proxy, in the Azure cloud. I have an existing virtual VPN gateway back to my infrastructure running. Everything runs fine and I can hit the metadata.xml file from any browser internally and externally. When I try to add the metadata.xml file to third-party applications they error out about authentication or with an error opening the connection. I figure if I can hit the metadata.xml file from a browser these applications should be able to hit it. Any suggestions? Thanks
5. To configure claimapp to work with your federation server, do the following:
Run FedUtil.exe, which is located in C:\Program Files (x86)\Windows Identity Foundation SDK\v3.5.
Set the application configuration location to C:\inetpub\claimapp\web.config and set the application URI to the URL for your site, https://webserv1.contoso.com/claimapp/. Click Next.
Select Disable certificate chain validation, and then click Next.
Select No encryption, and then click Next. On the Offered claims page, click Next.
Select the check box next to Schedule a task to perform daily WS-Federation metadata updates. Click Finish.
Your sample application is now configured. If you test the application URL https://webserv1.contoso.com/claimapp, it should redirect you to your federation server. The federation server should display an error page because you have not yet configured the relying party trust. In other words, you have not secured this test application by AD FS.
You must now secure your sample application that runs on your web server with AD FS. You can do this by adding a relying party trust on your federation server (ADFS1).
It is probably a matter of following on to "Create a relying party trust on your federation server" and checking that a valid SSL certificate in the computer certificate store for the third-party certificate contains the name of their web server; in the example above, it (claimapp, the "3rd party") has an SSL cert whose CN maps and binds to webserv1.contoso.com.
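A browser succeeding while a third-party application fails usually means the two clients trust different certificate authorities: the browser uses the Windows certificate store, the application (typically a Java stack, which is where the "peer not authenticated" wording comes from) uses its own truststore. The script below is an added diagnostic, not code from the thread or from Microsoft; it connects to the federation metadata URL with strict chain and hostname verification, and when verification fails it reports the fingerprint of the certificate the AD FS/WAP farm actually presented so it can be compared with the one bound on the proxy. The host adfs.example.com is a placeholder, and the error-text classifier only knows the handful of messages named here.

```python
"""Diagnose why a relying party cannot fetch AD FS federation metadata over TLS."""
import hashlib
import socket
import ssl
import sys
from urllib.parse import urlparse

# Standard AD FS metadata path (the same one quoted in the thread).
METADATA_PATH = "/federationmetadata/2007-06/federationmetadata.xml"


def san_matches(san_names, hostname):
    """True if hostname is covered by a DNS SAN entry (one leading wildcard label allowed)."""
    host = hostname.lower().rstrip(".")
    for name in san_names:
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            # *.contoso.com covers adfs.contoso.com but not a.b.contoso.com
            if "." in host and host.split(".", 1)[1] == name[2:]:
                return True
        elif name == host:
            return True
    return False


def diagnose(error_text):
    """Map a client's error text to the most likely cause (assumed phrasings, not a full catalogue)."""
    t = error_text.lower()
    if any(m in t for m in ("peer not authenticated", "unable to get local issuer",
                            "self signed", "pkix path", "certificate verify failed")):
        return "untrusted-chain"   # client truststore lacks the issuing/root CA of the service cert
    if "hostname" in t or "doesn't match" in t or "does not match" in t:
        return "name-mismatch"     # cert is trusted but its CN/SAN does not cover the URL's host
    if "refused" in t or "timed out" in t or "unreachable" in t:
        return "unreachable"       # network path, not certificates
    return "unknown"


def presented_cert_fingerprint(host, port, timeout):
    """Fetch the leaf cert WITHOUT verification, purely to report what the server sent."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def fetch_chain_summary(url, cafile=None, timeout=10):
    """Connect the way a strict relying party would and summarise the outcome."""
    parsed = urlparse(url)
    host, port = parsed.hostname, parsed.port or 443
    ctx = ssl.create_default_context(cafile=cafile)   # cafile: the RP's truststore, if known
    result = {"host": host, "verified": False, "san": [], "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                result["san"] = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
                result["issuer"] = dict(rdn[0] for rdn in cert.get("issuer", ()))
                result["verified"] = True
                result["name_ok"] = san_matches(result["san"], host)
    except ssl.SSLCertVerificationError as exc:
        result["error"] = f"certificate verify failed: {exc.verify_message}"
        # Verification failed, so show which leaf the farm is really serving.
        try:
            result["presented_sha256"] = presented_cert_fingerprint(host, port, timeout)
        except OSError as exc2:
            result["presented_sha256"] = f"unavailable: {exc2}"
    except (ssl.SSLError, OSError) as exc:
        result["error"] = str(exc)
    result["diagnosis"] = diagnose(result["error"] or "")
    return result


if __name__ == "__main__":
    # Usage: python adfs_tls_check.py https://adfs.example.com/federationmetadata/... [truststore.pem]
    target = sys.argv[1] if len(sys.argv) > 1 else "https://adfs.example.com" + METADATA_PATH
    trust = sys.argv[2] if len(sys.argv) > 2 else None
    for key, value in fetch_chain_summary(target, cafile=trust).items():
        print(f"{key}: {value}")
```

Run it once with no truststore (system CAs, roughly what the browser sees) and once with the PEM bundle the third-party application actually uses; a result that verifies in the first run and reports `untrusted-chain` in the second points at the application's truststore, while `name-mismatch` points at the certificate bound on the Web Application Proxy not covering the federation service name in the metadata URL.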
gisi2100
ASKER
Are you saying download their SSL cert from the third-party vendor and add it to Third Party Root Cert Auth?
gisi2100
ASKER
Update on Error
details = Unable to register idp
Error in registering Idp for account id
Error in parasing Idp metadata form url "https://<adfs-server>/federationmetadata/2007-06/federationmetadata.xml"
Exception: peer not authenticated