Configure AD FS for signed SAML requests
Enables AD FS to send signed SAML requests.
- Return to the relying party trust (in our example, EAA-RPT).
- In AD FS Manager, edit the properties of the relying party trust.
- On the Signature tab, click Add.
- Add the cert.cer file from
- Click OK.
Since EAA uses internal certificate authority (CA) certificates to sign SAML
requests and AD FS does not trust them, disable revocation checking of the SAML
response for EAA in the AD FS server. Follow these steps:
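- Open a PowerShell window.
- Type the following, replacing the placeholder with the identifier of the relying party trust:

    Get-AdfsRelyingPartyTrust -Identifier "<relying-party-identifier>" | Set-AdfsRelyingPartyTrust -SigningCertificateRevocationCheck None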
This stops AD FS from performing revocation checking for SAML responses from EAA.
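
With revocation checking off, the certificate loaded on the Signature tab is the only thing AD FS uses to validate EAA's signature, so it is worth confirming what is actually configured. The following read-only check is an added example, not part of the original procedure; the trust name EAA-RPT comes from this page's example, and the path to cert.cer is an assumption.

```powershell
# Added example: read-only audit of the relying party trust after the change.
# Assumptions: the trust is named 'EAA-RPT' (this page's example name) and the
# certificate that was added on the Signature tab is at .\cert.cer.
param(
    [string]$TrustName = 'EAA-RPT',
    [string]$CertPath  = '.\cert.cer'
)

$rpt = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $rpt) { throw "Relying party trust '$TrustName' not found." }

# Load the certificate file so its thumbprint can be compared with the trust.
$path     = (Resolve-Path $CertPath).Path
$expected = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

# 1. Confirm the revocation setting on this trust.
$rpt | Format-List Name, Identifier, SigningCertificateRevocationCheck

# 2. Confirm the request signing certificate matches the file, and check expiry.
#    With revocation checking disabled, a compromised certificate must be
#    removed from the trust by hand, so track these values.
if (-not $rpt.RequestSigningCertificate) {
    Write-Warning "No request signing certificate is configured on '$TrustName'."
}
foreach ($cert in $rpt.RequestSigningCertificate) {
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        DaysRemaining = [int]($cert.NotAfter - (Get-Date)).TotalDays
        MatchesFile   = ($cert.Thumbprint -eq $expected.Thumbprint)
    } | Format-List
}

# 3. List every trust with revocation checking disabled, to confirm the
#    change applies only to the EAA trust and not to others.
Get-AdfsRelyingPartyTrust |
    Where-Object { $_.SigningCertificateRevocationCheck -eq 'None' } |
    Format-Table Name, Identifier -AutoSize
```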