Hi,
I have an ADFS2 server which uses a SAML2 IdP as a claims provider with the SOAP binding for artifact resolution. Communication between ADFS and the IdP to resolve the artifacts is using mutual SSL. I've uploaded the IdP SSL certificate to the ADFS server's trusted certificates store and communication is working as expected.
On the other hand, when the IdP requests the client certificate from ADFS, the latter can't find the certificate. The certificate (with the key) is imported to both the local machine\personal and adfs2_service\personal stores, with full permissions to everyone. I've enabled logging for Schannel and am seeing the following error in the Event Viewer system log.
"The remote server has requested SSL client authentication, but no suitable client certificate could be found. An anonymous connection will be attempted. This SSL connection request may succeed or fail, depending on the server's policy settings."
And ADFS log shows: "System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden."
How can I find which certificate store ADFS2 is using? I assumed it would be the local machine personal store or the ADFS2 service personal store.
Any ideas as to what else can be done to find the certificate?
Thanks,
Eitan
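An added check that is not part of the original post: a PowerShell script that lists the certificates in the machine Personal store and flags the properties Schannel requires before it will offer one as a client certificate (a usable private key, the Client Authentication EKU or no EKU extension, current validity, and a chain that builds). The store path is an assumption taken from the question; run it a second time as the AD FS service account with `Cert:\CurrentUser\My` to inspect that account's own Personal store.

```powershell
# Added check, not code from the original post. Enumerates candidate client
# certificates and reports the conditions Schannel evaluates before offering one.
# Schannel additionally filters by the issuer list the IdP sends in its
# CertificateRequest, which this script cannot see: compare the Issuer column
# with the CAs the IdP accepts.
param([string[]]$StorePaths = @('Cert:\LocalMachine\My'))  # path assumed from the post

$ClientAuthOid = '1.3.6.1.5.5.7.3.2'

function Test-ClientCertCandidate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # EKU extension, if present; a certificate without one is valid for any purpose
    $ekuExt = $Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $hasClientAuth = $true
    if ($ekuExt) {
        $hasClientAuth = [bool]($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $ClientAuthOid })
    }

    # Build the chain with the machine's trust settings so a missing intermediate shows up here
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($Cert)
    $now = Get-Date

    [pscustomobject]@{
        Thumbprint    = $Cert.Thumbprint
        Subject       = $Cert.Subject
        Issuer        = $Cert.Issuer
        HasPrivateKey = $Cert.HasPrivateKey
        ClientAuthEku = $hasClientAuth
        TimeValid     = ($Cert.NotBefore -le $now -and $Cert.NotAfter -ge $now)
        ChainBuilds   = $chainOk
        ChainStatus   = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ',')
    }
}

foreach ($path in $StorePaths) {
    Write-Host "== $path =="
    Get-ChildItem -Path $path |
        ForEach-Object { Test-ClientCertCandidate -Cert $_ } |
        Format-Table -AutoSize
}
```

A certificate that shows True in every column but is still not offered usually has an issuer outside the CA list the IdP requests, so check the IdP's accepted CAs next.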