Otherwise, logons using any claims providers not updated will fail. Certificates that are used for token-signing and token-decrypting/encrypting are critical to the stability of the Federation Service. Whether you use the default internally generated certificates or externally enrolled certificates, when the token decrypting certificate is changed you must ensure all claims providers are updated with the new certificate information. If your organization requires that certificates from the enterprise PKI be used for token signing, this can be done using the DecryptingCertificateThumbprint parameter of the Install-AdfsFarm cmdlet. Use the AD FS default, internally generated, self-signed token decrypting certificates. This certificate is used by claims providers who encrypt tokens issued to AD FS. Otherwise, logons to any relying parties not updated will fail.