Microsoft AD FS Metadata Configuration

Although Microsoft AD FS is not able to directly consume the InCommon metadata aggregate, there are numerous third-party tools that can help. One such tool is the ADFSToolkit.

Recommended practice for AD FS deployments

AD FS IdP deployments are strongly encouraged to use ADFSToolkit or pysFEMMA to refresh and verify InCommon metadata.

Limitations

AD FS

  • AD FS will not consume an <md:EntityDescriptor> element that contains an expired certificate.
  • AD FS will check any CRLs or OCSP endpoints that might be contained in the certificate.
  • AD FS will not consume two <md:EntityDescriptor> elements that contain the same certificate.
  • AD FS will not consume an <md:EntityDescriptor> element containing more than one encryption key.
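
The following added example (not from the original page, ADFSToolkit or pysFEMMA) pre-screens a metadata aggregate for two of the limitations above: a certificate shared by two entities, and more than one encryption key in one entity. It assumes the aggregate's signature has already been verified and treats a KeyDescriptor with no use attribute as encryption-capable, as the SAML metadata specification defines; expiry and revocation are not checked. The function name adfs_precheck, the example.org entity IDs and the placeholder certificate bytes are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _fake_cert(label):
    # Constructed placeholder bytes, not a real X.509 certificate.
    return base64.b64encode(label.encode()).decode()

def _entity(entity_id, keys):
    # Constructed sample entity, trimmed to the elements the checks read.
    kds = "".join(
        f"<md:KeyDescriptor{use}><ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
        f"{_fake_cert(label)}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>"
        f"</md:KeyDescriptor>" for use, label in keys)
    return (f'<md:EntityDescriptor entityID="{entity_id}">'
            f"<md:SPSSODescriptor>{kds}</md:SPSSODescriptor></md:EntityDescriptor>")

SAMPLE = ('<md:EntitiesDescriptor xmlns:md="%s" xmlns:ds="%s">' % (NS["md"], NS["ds"])
    + _entity("https://sp1.example.org", [(' use="signing"', "A"), (' use="encryption"', "A")])
    + _entity("https://sp2.example.org", [(' use="encryption"', "B"), ("", "C")])
    + _entity("https://sp3.example.org", [(' use="signing"', "A")])
    + "</md:EntitiesDescriptor>")

def adfs_precheck(xml_text):
    """Return {entityID: [reasons]} for entities AD FS is expected to refuse."""
    root = ET.fromstring(xml_text)
    owners = defaultdict(set)  # certificate fingerprint -> entityIDs carrying it
    problems = {}
    for ent in root.iter("{%s}EntityDescriptor" % NS["md"]):
        eid, enc = ent.get("entityID"), set()
        for kd in ent.iter("{%s}KeyDescriptor" % NS["md"]):
            for c in kd.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((c.text or "").split()))
                fp = hashlib.sha256(der).hexdigest()
                owners[fp].add(eid)
                # No "use" attribute means the key serves signing and encryption.
                if kd.get("use") in (None, "encryption"):
                    enc.add(fp)
        if len(enc) > 1:
            problems.setdefault(eid, []).append("multiple encryption keys")
    for eids in owners.values():
        if len(eids) > 1:
            for eid in sorted(eids):
                problems.setdefault(eid, []).append("certificate shared with another entity")
    return problems

if __name__ == "__main__":
    for eid, reasons in sorted(adfs_precheck(SAMPLE).items()):
        print(eid, reasons)
```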