Updating the public keys for ADFS manually
Updating the public keys for ADFS manually includes the following steps:
- Getting the ADFS server token signing thumbprint
- Updating the Web.config file
Getting the ADFS server token signing thumbprint
- From the ADFS server, launch the ADFS 2.0 Management console.
- Select Service > Certificates, and then double-click the Token-signing certificate.
- Select the Details tab.
- Select the Thumbprint field.
- To get the thumbprint value, copy the field contents and remove all the spaces, including the leading space.
Updating the Web.config file
- Edit <cp_root>\Enterprise\RP-STS_ADFS\web.config
- Find the ida:FederationMetadataLocation key under the <appSettings> element and clear its value:
<add key="ida:FederationMetadataLocation" value="" />
- Find the <issuerNameRegistry> element under <system.identityModel> and replace it with the following:
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
  <authority name="https://ADFS_FederationServiceName/a...services/trust">
    <keys>
      <add thumbprint="ADFS_Server_Token_Signing_Thumbprint" />
    </keys>
    <validIssuers>
      <add name="https://ADFS_FederationServiceName/a...services/trust" />
    </validIssuers>
  </authority>
</issuerNameRegistry>
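The thumbprint clean-up and the two web.config edits can also be scripted. The PowerShell below is an added example, not part of the original documentation or the product's tooling. It assumes the <issuerNameRegistry> block above has already been pasted in with a single placeholder thumbprint; the function names and the path in the usage comment are hypothetical.

```powershell
# Added example: function names and the sample path are hypothetical placeholders.
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory=$true)][string]$Raw)
    # Keep hex digits only. This removes the spaces and any non-printing
    # character picked up when copying from the certificate dialog.
    $clean = ($Raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected a 40-character SHA-1 thumbprint, got $($clean.Length) characters."
    }
    return $clean
}

function Set-AdfsSigningThumbprint {
    param(
        [Parameter(Mandatory=$true)][string]$ConfigPath,  # path to RP-STS_ADFS\web.config
        [Parameter(Mandatory=$true)][string]$Thumbprint   # text copied from the Thumbprint field
    )
    $clean = ConvertTo-CleanThumbprint -Raw $Thumbprint
    $full  = (Resolve-Path -LiteralPath $ConfigPath).Path
    Copy-Item -LiteralPath $full -Destination "$full.bak" -Force   # rollback copy

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($full)

    # Clear ida:FederationMetadataLocation under <appSettings>.
    $meta = $xml.SelectSingleNode(
        "/configuration/appSettings/add[@key='ida:FederationMetadataLocation']")
    if ($null -eq $meta) { throw 'ida:FederationMetadataLocation key not found.' }
    $meta.SetAttribute('value', '')

    # Pin the token-signing thumbprint. Fail if more than one key is listed,
    # so an old certificate is not left trusted by accident.
    $keys = $xml.SelectNodes('//issuerNameRegistry/authority/keys/add')
    if ($keys.Count -ne 1) {
        throw "Expected exactly one <keys>/<add> entry, found $($keys.Count)."
    }
    $keys.Item(0).SetAttribute('thumbprint', $clean)

    $xml.Save($full)
    return $clean
}

# Usage (placeholder values):
# Set-AdfsSigningThumbprint -ConfigPath 'D:\cp_root\Enterprise\RP-STS_ADFS\web.config' `
#     -Thumbprint '<value copied from the Thumbprint field>'
```

The authority name and validIssuers entries are left untouched; set them by hand to the federation service name as described above.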