Hello,
I tried to use the https://login.windows.net/common/FederationMetadata/2007-06/FederationMetadata.xml tenant-independent federation metadata endpoint to create an ACS identity provider, but that does not work.
I am getting this error:
HTTP Error Code: 401
Message: ACS20001: An error occurred while processing a WS-Federation sign-in response.
Inner Message: ACS50008: SAML token is invalid.
Trace ID: 751c1b4f-ebe5-4ba8-a016-55284a9ce7b7
Timestamp: 2013-11-07 11:10:54Z
Most probably because of the second reason mentioned here: http://msdn.microsoft.com/en-us/library/windowsazure/jj571618.aspx. The EntityID in the metadata is https://sts.windows.net/{tenantid}/, while in the Issuer name in the SAML token {tenantid} is most probably replaced with the GUID of the tenant. So it seems that the ACS WS-Federation identity provider can't handle the tenant-independent metadata.
Is there a way to make this work?
Jaap Mosselman
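The mismatch described in the post, as an added example (not code from the post or from ACS): a small Python check that reads the entityID from a federation metadata document and compares it with a token's Issuer the way a strict relying party would. The metadata snippet and the tenant GUID are constructed placeholders; the metadata is reduced to the root element, which is the only part the comparison depends on.

```python
import xml.etree.ElementTree as ET

SAML_MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
TEMPLATE_PLACEHOLDER = "{tenantid}"

# Constructed sample: the root element of the tenant-independent ("common")
# metadata, carrying the templated entityID the post describes.
COMMON_METADATA = """<EntityDescriptor ID="_example"
    entityID="https://sts.windows.net/{tenantid}/"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
</EntityDescriptor>"""

# Constructed sample Issuer as it appears in a token for one tenant
# (placeholder GUID, not a real tenant).
TENANT_GUID = "11111111-2222-3333-4444-555555555555"
TOKEN_ISSUER = "https://sts.windows.net/" + TENANT_GUID + "/"


def entity_id_from_metadata(xml_text: str) -> str:
    """Return the entityID attribute of the metadata's root EntityDescriptor."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % SAML_MD_NS:
        raise ValueError("not a SAML metadata EntityDescriptor")
    return root.attrib["entityID"]


def is_tenant_template(entity_id: str) -> bool:
    """True when the entityID still contains the {tenantid} placeholder."""
    return TEMPLATE_PLACEHOLDER in entity_id


def issuer_matches(entity_id: str, issuer: str) -> bool:
    """Strict comparison: the token Issuer must equal the metadata entityID."""
    return entity_id == issuer


def tenant_specific_entity_id(entity_id: str, tenant_guid: str) -> str:
    """The entityID a tenant-specific metadata document would carry instead."""
    return entity_id.replace(TEMPLATE_PLACEHOLDER, tenant_guid)


def explain(metadata_xml: str, issuer: str) -> str:
    """Classify why a token Issuer does or does not match the metadata."""
    entity_id = entity_id_from_metadata(metadata_xml)
    if issuer_matches(entity_id, issuer):
        return "ok: issuer matches metadata entityID"
    if is_tenant_template(entity_id):
        return "mismatch: metadata entityID is a tenant template, issuer is tenant-specific"
    return "mismatch: issuer does not match metadata entityID"
```

Running `explain(COMMON_METADATA, TOKEN_ISSUER)` reports the template mismatch; substituting the GUID into the entityID first (as tenant-specific metadata would) makes the same comparison succeed.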