Yesterday Microsoft released Update Rollup 2 for Active Directory Federation Services (AD FS) 2.0.
This update rollup includes hotfixes and updates that fix four (4) product issues and add one (1) new capability to the product. Summarised, the changes are as follows.
- AD FS 2.0 does not fully support the RelayState parameter of the Security Assertion Markup Language (SAML) protocol. Update Rollup 2 for AD FS 2.0 adds a new capability that enables AD FS 2.0 to consume relay state in order to redirect the user to the relying party (RP) application.
For more information on this new capability please see Supporting Identity Provider Initiated RelayState.
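As an added illustration (it is not part of the original post, nor Microsoft's code), the example below shows how an application builds the IdP-initiated sign-on URL that the new capability consumes, how that value decodes again, and the check a relying party should apply before it redirects on a relay state it receives. The URL shape (a RelayState query parameter whose value is itself a URL-encoded `RPID=...&RelayState=...` string) follows Microsoft's documentation for the feature rather than this page; the host names, identifiers and paths are made up for the example.

```python
from typing import Optional
from urllib.parse import quote, urlsplit, parse_qs

# Hypothetical values for this example; not from the original post.
ADFS_HOST = "sts.example.com"
SIGNON_PATH = "/adfs/ls/idpinitiatedsignon.aspx"


def build_idp_initiated_url(fs_host: str, rp_identifier: str, relay_state: str) -> str:
    """Build an IdP-initiated sign-on URL that carries the relying party ID
    and the application's own relay state.

    The inner string 'RPID=<rp>&RelayState=<state>' is URL-encoded as a whole
    and placed in the outer RelayState parameter, so each component appears
    double-encoded in the final URL (e.g. '/' becomes '%252F').
    """
    inner = (
        "RPID=" + quote(rp_identifier, safe="")
        + "&RelayState=" + quote(relay_state, safe="")
    )
    return "https://" + fs_host + SIGNON_PATH + "?RelayState=" + quote(inner, safe="")


def parse_idp_initiated_url(url: str) -> dict:
    """Reverse the encoding: return {'RPID': ..., 'RelayState': ...}.

    parse_qs decodes one layer each time it is applied, so two passes undo
    the double encoding produced by build_idp_initiated_url.
    """
    outer = parse_qs(urlsplit(url).query)
    inner = parse_qs(outer["RelayState"][0])
    return {"RPID": inner["RPID"][0], "RelayState": inner["RelayState"][0]}


def safe_redirect_target(relay_state: str, allowed_host: str) -> Optional[str]:
    """Return the relay state only if it is safe to redirect to.

    The relay state arrives from the browser and is attacker-influenced, so a
    relying party must not redirect to it blindly. Accept a same-site path
    ('/app/...') or an https URL on our own host; reject everything else,
    including scheme-relative '//other.host/...' and non-https schemes.
    """
    parts = urlsplit(relay_state)
    if parts.scheme or parts.netloc:
        if parts.scheme == "https" and parts.netloc == allowed_host:
            return relay_state
        return None
    if relay_state.startswith("/") and not relay_state.startswith("//"):
        return relay_state
    return None


if __name__ == "__main__":
    url = build_idp_initiated_url(ADFS_HOST, "https://rp.example.com/app/", "/app/page?id=42")
    print(url)
    decoded = parse_idp_initiated_url(url)
    print(decoded)
    print(safe_redirect_target(decoded["RelayState"], "rp.example.com"))
    print(safe_redirect_target("https://attacker.example/phish", "rp.example.com"))
```

Note that AD FS only uses the RPID portion to select the relying party; whatever the application placed in the inner RelayState is handed back to the RP as received, so the redirect check in `safe_redirect_target` belongs on the RP side, not in AD FS. According to Microsoft's documentation of the feature, the rollup does not turn relay-state handling on by itself; it must be enabled in the AD FS configuration as described in the linked article.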
Product issues resolved
- Issue 1: There is a reliability issue in AD FS 2.0 in which the AD FS 2.0 Federation Service stops responding to requests in certain cases, especially when there is a large load on the AD FS 2.0 federation server or federation server proxy. This issue can occur in both federation passive and federation active scenarios.
- Issue 2: The whr parameter that an application specifies for home realm discovery overwrites the previously set home realm discovery cookie. As a result, when the user later accesses a different application, the user is redirected to an identity provider that the user cannot use to sign in.
- Issue 3: The AD FS 2.0 service stops unexpectedly when a valid certificate is set to the archived state.
- Issue 4: When you add an AD FS 2.0 federation server to a Windows Internal Database (WID) farm, you receive an error message. This issue occurs when the federation server is in a time zone that is later than the primary federation server in the WID farm.