Importing the ADFS Signing Certificate into the NIDP-Truststore

Access Manager Identity Server must have the trusted root of the ADFS signing certificate (or the certificate itself) listed in its trust store, and specified in the relationship. Most ADFS signing certificates are part of a certificate chain, so the certificate that appears in the metadata is not the same as the trusted root of that chain. Because the Active Directory step-by-step guide uses self-signed certificates for signing, the same certificate is used in both the trust store and in the relationship.
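As an added example (not from the Access Manager documentation), the following POSIX shell helpers show how to tell the two cases apart before you open the trust store: they convert the base64 body of a metadata X509Certificate element to PEM, report whether that certificate is self-signed or issued by a CA, and confirm that a candidate trusted root really validates it. The sample certificates are generated locally with openssl; the names adfs.example.test and Example Root CA are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the Access Manager documentation. Helpers for
# deciding what to import into the NIDP Trust Store: the ADFS signing
# certificate taken from the federation metadata is either self-signed
# (import it as-is) or issued by a CA (import that CA's trusted root instead).
set -e

# Turn the base64 body of a metadata <X509Certificate> element into PEM.
metadata_cert_to_pem() {   # $1 = base64 string; PEM written to stdout
  body=$(printf '%s' "$1" | tr -d ' \n\r' | fold -w 64)
  printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' "$body" \
    '-----END CERTIFICATE-----'
}

# Print "self-signed" when subject and issuer match, otherwise "chained".
classify_signing_cert() {  # $1 = PEM file
  subject=$(openssl x509 -in "$1" -noout -subject)
  issuer=$(openssl x509 -in "$1" -noout -issuer)
  if [ "${subject#subject=}" = "${issuer#issuer=}" ]; then
    echo self-signed
  else
    echo chained
  fi
}

# Succeed only if $1 (candidate trusted root) actually validates $2
# (the signing certificate from the metadata).
root_signs_cert() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample material: a self-signed signing certificate like the one
# the ADFS step-by-step guide produces, plus a CA-issued one for comparison.
make_sample_certs() {      # $1 = output directory
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=adfs.example.test' \
    -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Example Root CA' \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj '/CN=adfs.example.test' \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}
```

For a chained certificate, run root_signs_cert with the root you intend to import so that the trust store receives the root that actually issued the ADFS signing certificate.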

To import the ADFS signing certificate’s trusted root (or the certificate itself) into the NIDP-Truststore, perform the following steps:

  1. Click Devices > Identity Servers > Servers > Edit > Security > NIDP Trust Store > Add.

  2. Next to Trusted Root(s), click the Select Trusted Root(s) icon.

    This adds the trusted root of the ADFS signing certificate to the trust store.

  3. Select the trusted root or certificate that you want to import and click Add Trusted Roots to Trust Stores. If the trusted root or certificate is not in the list, import it first.

  4. Next to Trust store(s), click the Select Keystore icon.

  5. Select the trust stores where you want to add the trusted root or certificate, then click OK > OK.

  6. Update Identity Server.

The configuration for Identity Server to trust the ADFS server is now complete. The ADFS server must also be configured to trust Identity Server. Continue with Configuring the ADFS Server.