ADFS 2 export metadata how to

  • Question

  • Windows 2008R2 / ADFS 2

    How do I export the metadata of a trust to a file so I can pass along the file for an import to create the trust?

    Also, is it possible to export the metadata from an ADFS 2.x install which could be imported into an ADFS 1.x install?

    Thanks


    Prakash
    Thursday, October 28, 2010 12:23 AM

Answers

  • Hi,

    Regarding "the metadata of a trust", do you mean trust policy settings in ADFS? If so, it’s possible.

    "By using the export and import features that are included with AD FS in Windows Server 2008, administrators can simply export their trust policy settings to an .xml file and then send that file to the partner administrator. This exchange of partner policy files provides all of the URIs, claim types, claim mappings, and other values and the verification certificates that are necessary to create a federated trust between the two partner organizations."

    http://technet.microsoft.com/en-us/library/cc772313(WS.10).aspx 

    For ADFS 2.0, the following blog describes how to use metadata to create trust:

    Using Federation Metadata to establish a Relying Party Trust in AD FS 2.0
    http://blogs.msdn.com/b/card/archive/2010/06/25/using-federation-metadata-to-establish-a-relying-party-trust-in-ad-fs-2-0.aspx

    I’m trying to confirm if we can export the metadata from ADFS 2.x and then import into ADFS 1.X.

    Thanks. 


    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Mervyn Zhang Wednesday, November 3, 2010 8:16 AM
    Friday, October 29, 2010 8:55 AM

All replies

  • Hi,

    I was told that it’s not possible to import metadata from ADFS 2.X into ADFS 1.X.

    Thanks.


    Monday, November 1, 2010 3:02 AM
  • Hi,

    Do you need any other assistance? If there is anything we can do for you, please let us know.

    Thanks.


    Tuesday, November 2, 2010 2:16 AM
  • The first link given above shows the ADFS 1.x GUI; it is not an example from ADFS 2.0, which has a different management GUI.

    The second link is for AD FS 2.0, but it does not show how to generate an export file; it only shows how to import published federation metadata.

    Thanks,

    Thursday, November 25, 2010 6:19 PM
  • I would like to know how to export ADFS 2.0 metadata file as well.
    Tuesday, June 7, 2011 11:54 PM
  • I have developed a tool (two console applications in C#) which could help you. It contains GetRelyingParty and AddRelyingParty console applications. The GetRelyingParty exports relying party information into a custom XML file. The XML file can be edited and used as a basis for creation of other relying parties. The AddRelyingParty creates a new relying party based on the XML file. You can find the precompiled applications and source code in Code Project under http://www.codeproject.com/KB/WC/ADFS2Tools.aspx

    Please be aware that this is a very first version I am using for our AD FS deployment. I will be working on the code to improve it (e.g. currently it does not cover all relying party attributes, but the "most popular" ones).

    Milos

    • Proposed as answer by Milos Cekovic Thursday, September 29, 2011 9:11 AM
    Thursday, September 29, 2011 9:11 AM
  • See:

    http://jorgequestforknowledge.wordpress.com/2012/08/31/leveraging-federation-metadata-to-setup-a-federation-trust-claims-provider-or-relying-party/


    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/


    Sunday, December 16, 2012 6:02 PM
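
An added example, not part of any post in this thread: AD FS 2.0 publishes its federation metadata at `/FederationMetadata/2007-06/FederationMetadata.xml`, so saving that document produces a file that can be handed to a partner, and listing its signing certificates gives both sides thumbprints to confirm out of band before the trust is created. The host name and output file name are placeholders, and the script sticks to calls available in the PowerShell 2.0 that ships with Windows Server 2008 R2.

```powershell
# Added example (not from the thread). Placeholders: $AdfsHost and $OutFile.
$AdfsHost    = 'adfs.example.com'   # placeholder federation service name
$MetadataUrl = "https://$AdfsHost/FederationMetadata/2007-06/FederationMetadata.xml"
$OutFile     = Join-Path $PWD 'FederationMetadata.xml'

# Save the published metadata to a file. TLS certificate validation stays
# enabled, so a failure here means the service certificate is not trusted.
$client = New-Object System.Net.WebClient
$client.DownloadFile($MetadataUrl, $OutFile)

# Parse the saved copy, not the live URL, so the review covers exactly
# the bytes that will be sent to the partner.
$doc = New-Object System.Xml.XmlDocument
$doc.Load($OutFile)
$ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

"entityID: " + $doc.DocumentElement.GetAttribute('entityID')

# Token-signing certificates advertised in the metadata. The same certificate
# is usually repeated under several role descriptors, so de-duplicate.
$xpath = "//md:KeyDescriptor[@use='signing']//ds:X509Certificate"
$seen  = @{}
foreach ($node in $doc.SelectNodes($xpath, $ns)) {
    $raw  = [Convert]::FromBase64String($node.InnerText.Trim())
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$raw)
    if ($seen.ContainsKey($cert.Thumbprint)) { continue }
    $seen[$cert.Thumbprint] = $true

    New-Object PSObject -Property @{
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Subject    = $cert.Subject
    } | Select-Object Thumbprint, NotAfter, Subject
}

if ($seen.Count -eq 0) {
    Write-Warning "No signing certificates found in $OutFile; do not import it."
}
```

The saved file describes the federation service as a whole rather than one configured trust, and the partner should compare the printed thumbprints with values received through a separate channel before importing it.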