Friday, September 14, 2012

ADFS : Beware the FedUtil shortcut


Running FedUtil is a PIA.

I find it much easier to save the web.config, deploy the application and then use WinMerge to copy over the relevant pieces from the saved web.config to the deployed one.

But beware.

There is also the metadata directory.

If ADFS is set up to update from metadata and you redeploy the application, the redeploy drags the new (and probably incorrect) metadata over into the RP section. So if you were testing on your PC, i.e. “localhost”, suddenly all hell breaks loose because ADFS will throw an exception. I’ll bet your application is not on the ADFS box, right?

So save the metadata as well.

And always run a smoke test after a redeploy.
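
One way to make the metadata part of that smoke test, as an added example that is not from the original post: a Python check that reads the application's FederationMetadata.xml and flags the entityID and any endpoint address that points at a loopback host or at a host other than the deployed one. The host name `app.example.test` and the sample XML are constructed, and the element layout (WS-Addressing `EndpointReference`/`Address` inside the role descriptor) is an assumption about what FedUtil writes.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSA = "http://www.w3.org/2005/08/addressing"
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: trimmed metadata as a FedUtil run on a dev PC might leave it.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://localhost/MyApp/">
  <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
      xsi:type="fed:ApplicationServiceType">
    <fed:TargetScopes>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://localhost/MyApp/</Address>
      </EndpointReference>
    </fed:TargetScopes>
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://app.example.test/MyApp/</Address>
      </EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>"""

def metadata_urls(xml_text):
    """Return (where, url) pairs for the entityID and every wsa:Address."""
    root = ET.fromstring(xml_text)
    found = [("entityID", root.get("entityID", ""))]
    for parent in root.iter():
        for ref in parent.findall(f"{{{WSA}}}EndpointReference"):
            addr = (ref.findtext(f"{{{WSA}}}Address") or "").strip()
            found.append((parent.tag.split("}")[-1], addr))
    return found

def wrong_host_urls(xml_text, expected_host):
    """Return (where, url, reason) for every URL that would mislead ADFS."""
    bad = []
    for where, url in metadata_urls(xml_text):
        host = (urlsplit(url).hostname or "").lower()
        if not host:          # entityID given as a URN, or empty: nothing to compare
            continue
        if host in LOOPBACK:
            bad.append((where, url, "loopback"))
        elif host != expected_host.lower():
            bad.append((where, url, "unexpected host"))
    return bad

if __name__ == "__main__":
    for finding in wrong_host_urls(SAMPLE, "app.example.test"):
        print(finding)
```

An empty result means every URL in the metadata names the deployed host; anything else should stop the redeploy before ADFS next refreshes the relying party from it.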

