ADFS 3.0 - Can the metadata.xml, specifically entityID signature change on the fly and does this break a relying party trust

Hi All,

We have SSO set up with a SaaS provider as a relying party trust.
The login to the SaaS application broke for several hours and was only fixed after we re-sent the metadata XML file.
The main change between the current and previous XML files was the <EntityDescriptor ID

The main question is: How can this change? Would it require human intervention to change, or can it change on the fly or in response to some event?

Thanks,
Andy
Andy (IT Consultant, author) commented:
I think I may have found a clue.

On 01/12/2017 the Token-Decrypting self-signed certificate renewed. Although it seems to have taken 6 days to cause an issue, this is the nearest change I can find on the ADFS server farm. I assume this can change the metadata? And why 6 days?

Thanks,
Andy
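As an added example (not from this thread or from ADFS itself), a small script that diffs two federation metadata documents on the fields a relying party trust actually depends on: the entityID, the document-level EntityDescriptor ID (the XML signature's reference target), and a fingerprint of each signing and encryption certificate. The metadata XML, the certificate bytes and the ADFS endpoint URL are constructed placeholders.

```python
# Diff two ADFS federation metadata documents on the fields a relying party
# trust depends on: entityID, the document-level EntityDescriptor ID (the XML
# signature's reference target) and a fingerprint of each signing/encryption cert.
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


def summarize_metadata(xml_text: str) -> dict:
    """Extract the trust-relevant facts from one metadata document."""
    root = ET.fromstring(xml_text)
    summary = {"document_id": root.get("ID"), "entity_id": root.get("entityID"), "certs": {}}
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        cert_b64 = kd.find(".//ds:X509Certificate", NS).text
        der = base64.b64decode("".join(cert_b64.split()))  # drop line wrapping
        summary["certs"][kd.get("use", "any")] = hashlib.sha256(der).hexdigest()[:16]
    return summary


def diff_metadata(old_xml: str, new_xml: str) -> dict:
    """Return {field: (before, after)} for every field that differs."""
    old, new = summarize_metadata(old_xml), summarize_metadata(new_xml)
    changes = {k: (old[k], new[k]) for k in ("document_id", "entity_id") if old[k] != new[k]}
    for use in sorted(set(old["certs"]) | set(new["certs"])):
        if old["certs"].get(use) != new["certs"].get(use):
            changes[f"cert:{use}"] = (old["certs"].get(use), new["certs"].get(use))
    return changes


def _sample(doc_id: str, signing: bytes, encryption: bytes) -> str:
    """Constructed minimal ADFS-style metadata; the 'certificates' are placeholder bytes."""
    return f"""<EntityDescriptor xmlns="{NS['md']}" xmlns:ds="{NS['ds']}"
      ID="{doc_id}" entityID="http://adfs.example.test/adfs/services/trust">
      <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>{base64.b64encode(encryption).decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
        <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>{base64.b64encode(signing).decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
      </IDPSSODescriptor></EntityDescriptor>"""

# Before/after: a renewed Token-Decrypting cert and a freshly generated document ID.
OLD_METADATA = _sample("_1111aaaa", b"signing-cert-2016", b"decrypting-cert-2016")
NEW_METADATA = _sample("_2222bbbb", b"signing-cert-2016", b"decrypting-cert-2017")

if __name__ == "__main__":
    for field, (before, after) in diff_metadata(OLD_METADATA, NEW_METADATA).items():
        print(f"{field}: {before} -> {after}")
```

Run against a saved copy of the metadata and the freshly published one, the report separates a stable entityID from a changed certificate fingerprint, which is the difference a relying party failure should be traced to.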