I am receiving an exception on ADFS while integrating private.xyz.com. The exception says:
Microsoft.IdentityServer.Service.SecurityTokenService.RevocationValidationException: MSIS3015: The signing certificate of the claims provider trust 'https://private.xyz.com/sp' identified by thumbprint '****************************' is not valid. It might indicate that the certificate has been revoked, has expired, or that the certificate chain is not trusted. at Microsoft.IdentityServer.Service.Tokens.MSISX509SecurityToken.MatchesKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause) at System.IdentityModel.Tokens.SecurityToken.ResolveKeyIdentifierClause(SecurityKeyIdentifierClause keyIdentifierClause) at
The signing certificate is configured in the relying party trust:
Get-AdfsRelyingPartyTrust "private" | fl name,RequestSigningCertificate
The thumbprint I am getting for the certificate is the same as the one in the error message, and the certificate is also not expired.
What do I need to configure to resolve this?
If the certificate has not been revoked or is still current, it is usually because ADFS can't locate the certificate revocation list on the Internet. You can turn this off via PS.
Also, it could be that the intermediate certificates aren't loaded into the certificate store or that the certificate itself is not trusted.
You could manually add it to Trusted Certificates.
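As an added example (not the asker's or the answerer's code), here is how to confirm which of those causes applies before relaxing anything, and how to narrow the revocation check rather than switching it off outright. It assumes the trust is named "private" as in the question and that the ADFS and PKI modules plus certutil.exe are available on the ADFS server.

```powershell
# Added example: diagnose the MSIS3015 chain/revocation failure, then apply the
# least-weakening fix. Assumes the trust name "private" from the question.
Import-Module ADFS

$trustName = "private"
$rp = Get-AdfsRelyingPartyTrust -Name $trustName

# 1. Show the revocation policy ADFS currently applies to this partner's certificates.
$rp | Format-List Name, SigningCertificateRevocationCheck, EncryptionCertificateRevocationCheck

# 2. Export the configured request-signing certificate and let certutil build the
#    chain while fetching AIA/CRL URLs. Its output tells you whether the failure is a
#    missing intermediate, an unreachable CRL/OCSP URL, or an untrusted issuer.
$cert = $rp.RequestSigningCertificate | Select-Object -First 1
$cerPath = Join-Path $env:TEMP "$trustName-signing.cer"
[System.IO.File]::WriteAllBytes(
    $cerPath,
    $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
certutil.exe -verify -urlfetch $cerPath

# 3. Missing intermediate: import the issuing CA certificate (placeholder path) into
#    the machine Intermediate CA store so the chain builds. Nothing else needs to change.
# Import-Certificate -FilePath "C:\path\to\issuing-ca.cer" -CertStoreLocation Cert:\LocalMachine\CA

# 4. Chain is fine but the CRL cannot be fetched from the ADFS server (no outbound
#    access): relax the check only as far as needed. Valid values, strictest first:
#    CheckChain, CheckChainExcludeRoot, CheckChainCacheOnly,
#    CheckChainExcludeRootCacheOnly, CheckEndCert, CheckEndCertCacheOnly, None.
Set-AdfsRelyingPartyTrust -TargetName $trustName `
    -SigningCertificateRevocationCheck CheckChainExcludeRoot

# Only when the partner certificate is self-signed or its CA publishes no CRL at all
# does None become the remaining option; it disables revocation checking entirely.
# Set-AdfsRelyingPartyTrust -TargetName $trustName -SigningCertificateRevocationCheck None

# The error text names a claims provider trust; the same setting exists there:
# Set-AdfsClaimsProviderTrust -TargetName $trustName -SigningCertificateRevocationCheck CheckChainExcludeRoot
```

Re-run the federation attempt after each step and check the ADFS Admin event log; if MSIS3015 persists after step 3, the issuer itself is not trusted, which step 4 does not fix.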