ADFS 2.0 - Relying party wants an XML file that contains the Token Decrypting certificate in it?

  • Question

  • I am still running ADFS 2.0 on Win2008R2. I have a new relying party who is requesting an XML file that also contains our token-signing certificate. I exported the cert, without the key, which is normal, and I sent them the XML below. They are saying they need an XML file with the cert in it. I guess I am missing something, but what does a relying party typically need from an IDP?

    https://fs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml

    Thanks,

    Dave

    Tuesday, June 7, 2016 3:49 PM

Answers

  • It needs the metadata.

    The signing key is in the metadata.

    They can look for the "use=signing" certificate and copy and paste the Base64 encoded part into a .cer file.

    That's the token-signing certificate.

    • Marked as answer by DaveBryan37 Tuesday, June 7, 2016 9:39 PM
    • Unmarked as answer by DaveBryan37 Tuesday, June 7, 2016 9:50 PM
    • Marked as answer by DaveBryan37 Tuesday, June 7, 2016 9:58 PM
    Tuesday, June 7, 2016 9:37 PM

All replies


  • "use=signing" is not showing anything. Any ideas?

    Quote problem - you search for use="signing"
    Tuesday, June 7, 2016 9:39 PM
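The procedure from the accepted answer and the follow-up (find the KeyDescriptor with use="signing" in FederationMetadata.xml, take the Base64 text of its X509Certificate, and save it as a .cer file), as an added Python example that is not code from the original thread. It parses the XML with the standard SAML 2.0 metadata and XML-DSig namespaces instead of text-searching, so the quoting mistake in the follow-up cannot happen. The sample metadata below is a constructed miniature of what AD FS publishes; the two certificate bodies are placeholder bytes, not real X.509 DER, and the entityID is assumed.

```python
"""Pull the token-signing (use="signing") and token-decrypting
(use="encryption") certificates out of AD FS federation metadata and
save them as PEM-encoded .cer files."""
import base64
import hashlib
import sys
import urllib.request
import xml.etree.ElementTree as ET

# Standard namespaces used by SAML 2.0 metadata and XML Signature.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def extract_certs(metadata_xml, role="IDPSSODescriptor"):
    """Return [{'use': ..., 'base64': ...}] for every X509Certificate under a
    KeyDescriptor of the given role element. A KeyDescriptor with no 'use'
    attribute is valid for both signing and encryption per the SAML metadata
    spec, so it is recorded as 'any'."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for desc in root.iter("{%s}%s" % (NS["md"], role)):
        for kd in desc.findall("md:KeyDescriptor", NS):
            use = kd.get("use", "any")
            for node in kd.findall(".//ds:X509Certificate", NS):
                # AD FS emits the Base64 on one line, but other IdPs wrap it;
                # strip all whitespace so both forms decode.
                certs.append({"use": use, "base64": "".join((node.text or "").split())})
    return certs


def select(certs, use):
    """Filter to certificates usable for the given purpose."""
    return [c for c in certs if c["use"] in (use, "any")]


def to_pem(b64):
    """Re-encode canonically and wrap at 64 columns, which is what most
    tools expect in a .cer/.pem file."""
    der = base64.b64decode(b64, validate=True)
    canon = base64.b64encode(der).decode("ascii")
    lines = [canon[i:i + 64] for i in range(0, len(canon), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def thumbprint(b64):
    """SHA-1 over the DER bytes, upper-case hex: the value the AD FS console
    shows under Service > Certificates, so the RP can confirm what it got."""
    return hashlib.sha1(base64.b64decode(b64)).hexdigest().upper()


# Constructed sample metadata in the shape AD FS 2.0 publishes at
# /FederationMetadata/2007-06/FederationMetadata.xml. The certificate bodies
# are placeholder bytes, NOT real X.509 DER; the entityID is assumed.
SIGNING_DER = b"placeholder bytes standing in for the token-signing certificate DER"
ENCRYPTION_DER = b"placeholder bytes standing in for the token-decrypting certificate DER"
SIGNING_B64 = base64.b64encode(SIGNING_DER).decode("ascii")
ENCRYPTION_B64 = base64.b64encode(ENCRYPTION_DER).decode("ascii")

SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://fs.contoso.com/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{ENCRYPTION_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>
          {SIGNING_B64}
        </X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def export(metadata_xml, use="signing", prefix="token"):
    """Write one .cer per matching certificate; return [(path, thumbprint)]."""
    written = []
    for i, cert in enumerate(select(extract_certs(metadata_xml), use)):
        path = f"{prefix}-{use}-{i}.cer"
        with open(path, "w") as fh:
            fh.write(to_pem(cert["base64"]))
        written.append((path, thumbprint(cert["base64"])))
    return written


if __name__ == "__main__":
    # Usage: python adfs_cert.py https://fs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml
    # or:    python adfs_cert.py FederationMetadata.xml   (no argument: use the constructed sample)
    if len(sys.argv) > 1:
        src = sys.argv[1]
        data = urllib.request.urlopen(src).read() if src.startswith("http") else open(src, "rb").read()
    else:
        data = SAMPLE_METADATA
    for use in ("signing", "encryption"):
        for path, tp in export(data, use):
            print(f"{use:10} {path}  SHA1 thumbprint {tp}")
```

Before the relying party trusts the extracted file, it should compare the printed SHA-1 thumbprint with the one the IdP reads off the AD FS Management console; that catches a tampered or stale download. During a certificate rollover the metadata lists two signing certificates, and the script writes both, so the RP should configure both rather than only the first.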