Monday, August 06, 2012

ADFS: Some of the content in the federation metadata was skipped


If you configure ADFS on a regular basis, you are pretty much guaranteed to get this message.

The full message goes on to say that the skipped content is not supported by ADFS and that you should review carefully.

The first step is to get the RP metadata as a file and have a look at it.

The number one reason in my experience is that the connection is http rather than https.

ADFS REQUIRES https – no exceptions.

The number two reason is that the federation metadata contains SAML 1 elements, e.g.

<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://xxx" index="1"/>

will throw the warning.
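
As an added example (not from the original post), this PowerShell function checks saved RP metadata for the two causes above: endpoint Locations that are not https, and SAML 1.x bindings. The function name `Test-RpMetadata`, the file name in the comment, and the sample XML with its `rp.example.test` host are constructed for illustration.

```powershell
function Test-RpMetadata {
    param([Parameter(Mandatory)][string]$Xml)

    $doc = [xml]$Xml

    # Every endpoint element (AssertionConsumerService, SingleLogoutService, ...)
    # carries unqualified Binding and Location attributes, so no namespace
    # manager is needed for this XPath.
    foreach ($ep in $doc.SelectNodes('//*[@Binding and @Location]')) {
        $binding  = $ep.GetAttribute('Binding')
        $location = $ep.GetAttribute('Location')
        $reasons  = @()

        # Cause 1 from the post: the endpoint is http rather than https.
        if ($location -notmatch '^https://') { $reasons += 'Location is not https' }

        # Cause 2 from the post: a SAML 1.x binding such as
        # urn:oasis:names:tc:SAML:1.0:profiles:browser-post.
        if ($binding -match '^urn:oasis:names:tc:SAML:1\.') { $reasons += 'SAML 1.x binding' }

        if ($reasons) {
            [pscustomobject]@{
                Element  = $ep.LocalName
                Index    = $ep.GetAttribute('index')
                Location = $location
                Reason   = $reasons -join '; '
            }
        }
    }
}

# Constructed sample metadata: one clean endpoint, one SAML 1.0 binding, one http endpoint.
$sample = @'
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://rp.example.test">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://rp.example.test/acs" index="0"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://rp.example.test/acs1" index="1"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://rp.example.test/slo"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
'@

# For a saved file: Test-RpMetadata -Xml (Get-Content -Raw .\rp-metadata.xml)
Test-RpMetadata -Xml $sample | Format-Table -AutoSize
```

On the sample, the SAML 2.0 HTTP-POST endpoint at index 0 is not reported; the other two endpoints are listed with the reason each one matches.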


1 comment:

Anonymous said...

Great information, I've seen this on a number of occasions and have pretty much come to the same conclusion that these were due to SAML 1.1 metadata.