Adding an RP to ADFS 2

Tags: adfs, certificates, ssl-certificate

I'm trying to add a Trusted Relying Party using the ADFS 2 wizard. My dev site (IIS hosted) has an HTTP binding at port 61080 while the HTTPS binding is on port 61443. I've got a self-signed .PFX certificate for SSL.

The ADFS 2.0 server is a Win2K8 R2 server hosted in a VM. This server is also a (dummy, for testing only) Domain Controller. The ADFS site is using a self-signed certificate as well.

I've added the ADFS 2 site as an STS to my dev site using FedUtil. Now here's the problem: when I try to add the dev site as a trusted relying party on the ADFS server, I get this error message…

    An error occurred during an attempt to read the federation metadata. Verify that the specified URL or host name is a valid federation metadata endpoint.

    Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS 2.0 Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
    Error message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

In an attempt to resolve this problem, I've exported both self-signed certificates and added them to the "Personal" and "Trusted Root Certification Authorities" stores on both machines, but still no luck. The link mentioned in the error message offers some generic advice which hasn't been of any help.

Does anyone have any ideas?

-Thanks!

Best Answer

I found the problem. The corporate network policies were restricting traffic between a computer in the domain and my non-domain VM.
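The question reads the wizard's error as a certificate-trust problem, while the accepted answer traces it to network policy between the domain-joined ADFS server and the non-domain VM. As an added diagnostic (not from the thread), this Python script, run from the ADFS server against the RP's HTTPS port (61443 here), separates the two cases: a plain TCP connect fails on a blocked or refused path, whereas a verified HTTPS fetch of the metadata fails on an untrusted or mismatched certificate. The metadata path and the optional `cafile` argument (the exported self-signed RP certificate) are assumptions.

```python
import socket
import ssl
import urllib.error
import urllib.request

# Assumed (not stated in the thread): the path FedUtil/WIF publishes and the ADFS wizard fetches.
METADATA_PATH = "/FederationMetadata/2007-06/FederationMetadata.xml"


def classify(exc):
    """Map an exception raised while reaching the metadata endpoint to its likely cause."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        if "mismatch" in str(exc).lower():
            return "hostname-mismatch"     # cert issued to a different host name
        return "untrusted-cert"            # issuer not in the caller's trusted roots
    if isinstance(exc, ssl.SSLError):
        return "tls-handshake-failed"      # protocol/cipher problem, not a trust problem
    if isinstance(exc, (ConnectionRefusedError, ConnectionResetError)):
        return "connection-refused"        # port closed or actively rejected on the path
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "connection-timeout"        # typical of a silently dropping firewall or policy
    if isinstance(exc, socket.gaierror):
        return "dns-failure"
    return "other"


def probe(host, port, cafile=None, timeout=5.0):
    """Stage 1: raw TCP connect. Stage 2: HTTPS GET with chain verification.
    Returns (stage, verdict) so the two failure classes cannot be confused."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            pass
    except OSError as exc:
        return ("tcp", classify(exc))      # never reached TLS: a network-level cause
    # cafile: the exported self-signed RP certificate; None uses the system roots.
    ctx = ssl.create_default_context(cafile=cafile)
    url = "https://%s:%d%s" % (host, port, METADATA_PATH)
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            body = resp.read()
    except urllib.error.HTTPError as exc:
        return ("https", "http-%d" % exc.code)   # reachable and trusted, wrong URL/path
    except urllib.error.URLError as exc:
        return ("https", classify(exc.reason))   # reason carries the underlying ssl/socket error
    except OSError as exc:
        return ("https", classify(exc))
    return ("https", "ok" if b"EntityDescriptor" in body else "not-federation-metadata")
```

A `("tcp", "connection-timeout")` or `("tcp", "connection-refused")` result points at the network between the two hosts, as in the accepted answer; only a `("https", "untrusted-cert")` result is fixed by importing the self-signed certificate.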