Microsoft has announced improved interoperability with SAML 2.0 including support for federation metadata aggregates.
In particular, the article mentions the InCommon federation. However, it doesn't work; ADFS won't consume the InCommon aggregate. I got the InCommon metadata aggregate endpoint URL from I tried using the production aggregate It doesn't work in the GUI because it requires an HTTPS protocol prefix. It doesn't work in PowerShell either. Add-AdfsClaimsProviderTrustsGroup throws numerous errors about invalid enumerations.

For whatever reason InCommon doesn't serve the aggregate from an HTTPS URL. While one could debate whether that is a good practice or not, it is beside the point. The metadata aggregate is signed and is being successfully consumed by thousands of InCommon IdPs and SPs.

I know the work-around: just like prior versions of ADFS, one must extract the desired metadata manually and save it to a file.

I'm testing this on a fully patched Server 2016 machine. Either I'm doing something wrong or Microsoft didn't actually test the InCommon metadata aggregate.
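The manual work-around described above, as an added PowerShell example that is not from the original post, from Microsoft or from InCommon: it downloads the aggregate over plain HTTP, verifies the aggregate's XML signature against a pinned copy of the federation signing certificate (since the channel itself provides no integrity), checks validUntil, carves out a single EntityDescriptor and registers it with Add-AdfsClaimsProviderTrust from a file. The aggregate URL, certificate path, entityID and output path are placeholders, not values from the post.

```powershell
# Added example (not the original poster's code). Placeholders below must be
# replaced with the federation's published aggregate URL and signing cert.
$AggregateUrl    = 'http://PLACEHOLDER-federation-host/InCommon-metadata.xml'
$SigningCertPath = 'C:\Temp\federation-signing-cert-PLACEHOLDER.cer' # DER or Base64 .cer
$EntityId        = 'https://idp.example.edu/idp/shibboleth'           # IdP to trust
$OutFile         = 'C:\Temp\idp-metadata.xml'

Add-Type -AssemblyName System.Security

# 1. Download the aggregate. Transport is HTTP, so nothing is trusted until
#    the signature check in step 2 succeeds.
$raw = (Invoke-WebRequest -Uri $AggregateUrl -UseBasicParsing).Content

# PreserveWhitespace must be set before loading, or canonicalisation of the
# signed content will not match and CheckSignature will fail.
$doc = New-Object System.Xml.XmlDocument
$doc.PreserveWhitespace = $true
$doc.LoadXml($raw)

# 2. Verify the enveloped XML signature with the pinned certificate only
#    (second argument $true skips chain building; trust is by pinning).
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($SigningCertPath)
$sigNode = $doc.GetElementsByTagName('Signature', 'http://www.w3.org/2000/09/xmldsig#')[0]
if (-not $sigNode) { throw 'Aggregate carries no XML signature' }
$signedXml = New-Object System.Security.Cryptography.Xml.SignedXml($doc)
$signedXml.LoadXml($sigNode)
if (-not $signedXml.CheckSignature($cert, $true)) { throw 'Aggregate signature did not verify' }

# 3. Refuse stale metadata: the aggregate root carries a validUntil attribute.
$validUntil = $doc.DocumentElement.GetAttribute('validUntil')
if ($validUntil -and ([datetime]$validUntil -lt (Get-Date))) {
    throw "Aggregate expired at $validUntil"
}

# 4. Carve out the one EntityDescriptor ADFS should consume.
$ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$ed = $doc.SelectSingleNode("//md:EntityDescriptor[@entityID='$EntityId']", $ns)
if (-not $ed) { throw "entityID $EntityId not found in aggregate" }

# OuterXml re-declares the namespaces the element needs, so the file stands
# alone. The aggregate signature no longer covers this file; its integrity now
# rests on the check in step 2 and on protecting $OutFile on disk.
$single = New-Object System.Xml.XmlDocument
$single.LoadXml($ed.OuterXml)
$single.Save($OutFile)

# 5. Register the trust from the extracted file, as with earlier ADFS versions.
Add-AdfsClaimsProviderTrust -Name 'Example IdP (placeholder)' -MetadataFile $OutFile
```

Repeat steps 1 to 5 on a schedule; the extracted file does not refresh itself the way an aggregate subscription would.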


