Hello MS team,
I have a customer who runs an ADFS 3.0 organization with multiple internal ADFS 3.0 servers in the internal network; the DB is hosted on a SQL DB cluster, and there are multiple WAP servers across 2 sites.
The company also created a relying party trust to allow SSO with a third-party cloud partner named ServiceNow. At that time, the token signing certificate from my customer was exported and then sent to ServiceNow, who proceeded to import the cert.
The same customer needs to create a second relying party trust with another cloud partner named SumTotal. SumTotal sent their metadata file and one cert, and when we tried to create a new RP using their metadata file, we were unable to complete the setup and got an error. After further troubleshooting, we decided to manually create the RP with the help of their staff; however, we cannot open their site.
The metadata files have already been exchanged and SSO has been configured on both ends. However, while accessing the Stage site, the attached error page is displayed on the ADFS page (the page is being redirected to another SSO application [ServiceNow] with a different RP).
Here are my questions:
Since my client is the identity provider, do they have to share their token signing certificate and metadata file with the service provider in order to allow SSO and successfully access their application? If so, please elaborate.
Is the service provider [SumTotal] required to provide their metadata file and token signing certificate? If so, should I import their certificate into the computer Personal store on the WAP and internal ADFS servers?
What are the general steps that should be performed on both sides [identity provider and service provider] to allow SSO for a cloud application using ADFS 3.0?
Franki
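The following is an added PowerShell walkthrough of the exchange the post describes, for an ADFS 3.0 (Windows Server 2012 R2) farm; it is not code from the original post, from Microsoft, or from either partner. It shows the identity-provider side (publishing the federation metadata URL and exporting the primary token-signing certificate as a public-key-only file), the service-provider side (creating the relying party trust from the partner's metadata file, falling back to a manual trust that carries the partner's certificate when the import fails), and a final check of what the trust contains. Every name, path, entityID and URL in it is an assumed placeholder; the partner's real values must be taken from the metadata they sent.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on an internal ADFS 3.0 server, not on a WAP.
# All names, file paths, entityIDs and URLs below are placeholders, not values from the post.
Import-Module ADFS

# --- Identity provider side: what the partner needs from this farm ---

# 1. The farm's federation metadata URL. A partner that can consume metadata
#    needs nothing else: it embeds the current token-signing certificate.
$adfsHost    = (Get-AdfsProperties).HostName
$metadataUrl = "https://$adfsHost/FederationMetadata/2007-06/FederationMetadata.xml"
Write-Host "IdP metadata URL: $metadataUrl"

# 2. For a partner that wants the signing certificate as a file, export the
#    PRIMARY token-signing certificate as a public-key-only .cer (never the private key).
$signing  = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
$cerBytes = $signing.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes('C:\temp\adfs-token-signing.cer', $cerBytes)   # placeholder path
Write-Host "Exported token-signing cert, thumbprint $($signing.Thumbprint), expires $($signing.Certificate.NotAfter)"

# --- Service provider side: import the partner's metadata, with a manual fallback ---

$rpName       = 'SumTotal (Stage)'                       # placeholder display name
$metadataFile = 'C:\temp\sumtotal-stage-metadata.xml'    # placeholder path to the file they sent

try {
    # Preferred path: ADFS reads identifiers, endpoints and certificates from their metadata.
    Add-AdfsRelyingPartyTrust -Name $rpName -MetadataFile $metadataFile -ErrorAction Stop
    Write-Host "Created RP trust '$rpName' from metadata file"
}
catch {
    Write-Warning "Metadata import failed: $($_.Exception.Message). Creating the trust manually."

    # Manual path: these values must come from the partner's metadata; the ones here are assumed.
    $entityId    = 'https://sumtotal.example/sp'          # assumed entityID (becomes the RP identifier)
    $acsUrl      = 'https://sumtotal.example/saml/acs'    # assumed AssertionConsumerService location
    $partnerCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                       -ArgumentList 'C:\temp\sumtotal.cer'   # placeholder path to the cert they sent

    # The partner certificate is attached to the trust object itself; it is not
    # placed in a machine certificate store on the ADFS or WAP servers.
    $acs = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $acsUrl
    Add-AdfsRelyingPartyTrust -Name $rpName `
        -Identifier $entityId `
        -SamlEndpoint $acs `
        -RequestSigningCertificate $partnerCert `
        -EncryptionCertificate $partnerCert `
        -SignatureAlgorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
}

# A trust with no issuance rules denies every request, so add placeholder rules:
# permit everyone, and send the user's UPN as the SAML NameID.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "UPN as NameID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";userPrincipalName;{0}", param = c.Value);
'@
Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

# --- Checks before testing SSO: identifier, ACS endpoint and certificate must match the partner's metadata ---
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
Write-Host "Identifiers   : $($rp.Identifier -join ', ')"
Write-Host "ACS endpoints : $(($rp.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' } | ForEach-Object { $_.Location }) -join ', ')"
Write-Host "Signing certs : $(($rp.RequestSigningCertificate | ForEach-Object { $_.Thumbprint }) -join ', ')"
```

The identifier printed at the end is what ADFS matches against the Issuer of the partner's SAML AuthnRequest; if the partner's request names a different entityID, ADFS will not select this trust. Exporting the .cer is only needed for partners that cannot read the metadata URL, and it has to be repeated (or the partner must re-read the metadata) when the farm's token-signing certificate rolls over.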