I'm trying to set up a claims-aware web app development environment. I am new to ADFS 2.0 and ultimately, I want to be able to authenticate against two different domains. I think I am very close but I'm getting a certificate error from one of the ADFS servers.
During processing of the Federation Service configuration, the element 'serviceIdentityToken' was found to have invalid data. The private key for the certificate that was configured could not be accessed.
This error is recorded in the ADFS server event log on domain #1 after I enter credentials in the web app. Even with working credentials, I get passed to a 401 unauthorized access page.
The user account running the ADFS service has permissions to the private key of the certificate so I am not sure why I am getting this error.
What I have done so far:
- Created a server on domain #1 and installed ADFS 2.0
- Created a server on domain #2 and installed ADFS 2.0
- Created a third development server with VS 2010 on domain #1
- Built a simple application on the dev server and made it federation aware (as per http://msdn.microsoft.com/en-us/library/bb897402.aspx); in the web.config, the federation server is set to the server on domain #1
I also haven't set up a Relying Party Trust on either of the ADFS servers. Is this necessary? I can't seem to find any good documentation explaining how this is supposed to work.
I have followed this ( http://blogs.msdn.com/b/alextch/archive/2011/06/27/building-a-test-claims-aware-asp-net-application-and-integrating-it-with-adfs-2-0-security-token-service-sts.aspx ) guide in setting this up, but I feel like there is probably a simple step I have missed somewhere.
To summarize:
- Why might I get that certificate error above?
- Am I missing any steps in setting up ADFS so that I can authenticate against both domains? (I am probably missing a step to link the two ADFS servers together)
Thanks in advance for any help on this. Someone who is familiar with ADFS could probably set this up in a matter of minutes!
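The post states that the ADFS service account already has permissions to the certificate's private key; the script below is an added example (not from the poster or from Microsoft) that verifies that claim on the ADFS 2.0 server itself rather than taking it on trust. It assumes the ADFS 2.0 PowerShell snap-in is installed on that server, that the private keys are CSP keys stored under `MachineKeys` (it warns and skips CNG keys, whose `PrivateKey` property is `$null`), and that `$serviceAccount` is a placeholder for the identity the "AD FS 2.0 Windows Service" actually runs as.

```powershell
# Added example: check that the ADFS 2.0 service account can read the private key
# behind each certificate the federation service is configured to use.
# Assumptions: ADFS 2.0 snap-in present; CSP (non-CNG) keys under MachineKeys;
# $serviceAccount is a placeholder to be replaced with the real service identity.

Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# Placeholder: the account the 'AD FS 2.0 Windows Service' runs as.
$serviceAccount = 'DOMAIN1\svc-adfs'

# Which certificates does the farm think it is using (service communications,
# token signing, token decrypting)? Check all three rather than guessing which
# one the 'serviceIdentityToken' element refers to.
$adfsCerts = Get-ADFSCertificate
$adfsCerts | Format-Table CertificateType, Thumbprint, IsPrimary -AutoSize

$machineKeys = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

foreach ($entry in $adfsCerts) {
    $type = $entry.CertificateType
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $entry.Thumbprint }

    if (-not $cert) {
        Write-Warning "${type}: certificate $($entry.Thumbprint) is not in LocalMachine\My"
        continue
    }
    if (-not $cert.HasPrivateKey) {
        Write-Warning "${type}: certificate has no private key in this store"
        continue
    }
    # PrivateKey is $null for CNG-stored keys or when this session cannot open it.
    if (-not $cert.PrivateKey) {
        Write-Warning "${type}: private key is CNG-stored or not readable by this session"
        continue
    }

    # Locate the key container file and read its ACL.
    $keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    $keyFile = Join-Path $machineKeys $keyName
    $acl     = Get-Acl -Path $keyFile

    # Look for an explicit Allow ACE granting at least Read to the service account.
    $readRight = [System.Security.AccessControl.FileSystemRights]::Read
    $grant = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $serviceAccount -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $readRight) -eq $readRight)
    }

    if ($grant) {
        Write-Output "${type}: $serviceAccount has Read on $keyFile"
    } else {
        Write-Warning "${type}: no explicit Allow/Read ACE for $serviceAccount on $keyFile"
        $acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
    }
}
```

Run it in an elevated PowerShell session on the ADFS server. The match is deliberately strict: it only recognises an ACE whose identity is exactly the service account, so a grant inherited through a group (for example local Administrators) will be reported as missing and printed in the full ACL for you to judge; a real "could not be accessed" condition shows up as either a missing ACE or a `$null` `PrivateKey` when the key lives in a store this session cannot open.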