Update Rollup 2 for Active Directory Federation Services (AD FS) 2.0

Yesterday Microsoft released Update Rollup 2 for Active Directory Federation Services (AD FS) 2.0.

This update rollup includes hotfixes and updates that fix four (4) product issues and add one (1) new capability to the product.  Summarised, the changes are as follows.

New capability

  • AD FS 2.0 does not fully support the RelayState parameter for Security Assertion Markup Language (SAML) protocol.  Update Rollup 2 for AD FS 2.0 adds a new capability that enables AD FS 2.0 to consume relay state in order to redirect the user to the RP application.

For more information on this new capability please see Supporting Identity Provider Initiated RelayState.

Product issues resolved

  • Issue 1: There is a reliability issue in AD FS 2.0 in which AD FS 2.0 Federation Service stops responding to requests in certain cases, especially when there is a large load on AD FS 2.0 federation server or federation server proxy.  This issue can occur in both federation passive and federation active scenarios.
  • Issue 2: The whr parameter that is specified by an application for a home realm discovery scenario overwrites the previously set home realm discovery cookie.  This causes a user to be redirected to a different identity provider that the user cannot use to sign in when the user uses a different application.
  • Issue 3: The AD FS 2.0 service stops unexpectedly when a valid certificate is set to the archived state.
  • Issue 4: When you add an AD FS 2.0 federation server to a Windows Internal Database (WID) farm, you receive an error message.  This issue occurs when the federation server is in a time zone that is later than the primary federation server in the WID farm.
Advertisements

About Paul Williams

IT consultant working for Microsoft specialising in Identity Management and Directory Services.
This entry was posted in AD FS, News and tagged , , , , , , , , , . Bookmark the permalink.

One Response to Update Rollup 2 for Active Directory Federation Services (AD FS) 2.0

  1. Pingback: Update Rollup 3 for Active Directory Federation Services (AD FS) 2.0 | Yet another identity management blog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s