This topic shows how to perform trust management using FedUtil. FedUtil is a tool for establishing trust from relying party (RP) applications to security token services (STSes). Trust management is about maintaining the trust relationships between RPs and their STSes. For more information about FedUtil, see FedUtil - Federation Utility for Establishing Trust from an RP to an STS.
How to Schedule Metadata Updates Using FedUtil
First, use FedUtil to establish trust from an ASP.NET or WCF relying party application to an existing STS, as described in Establishing Trust from an ASP.NET Relying Party Application to an STS using FedUtil and Establishing Trust from a WCF Relying Party Service to an STS using FedUtil. Continue to the Summary page.
The Summary page includes a checkbox labeled “Schedule daily metadata updates for this application”. If you check this checkbox, FedUtil schedules a task to run at 12:00 AM every day. If you want to run the task more than once a day, you can update the task in the Task Scheduler. You can find the Task Scheduler in the Control Panel under Administrative Tools. If you have configured multiple RP applications with FedUtil, you might see multiple tasks.
The task retrieves the STS’s federation metadata and updates the application’s configuration with the updated metadata. If the STS signing certificate has been updated, the task updates the issuerNameRegistry element in the application’s configuration.
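The check the scheduled task performs, and the change it makes to the issuerNameRegistry element, can be reproduced by hand with a short script, which is useful when you want to confirm that a run actually picked up a new signing certificate. The following PowerShell is an added example, not FedUtil’s code or anything shipped with WIF. The federation metadata document, the web.config fragment, the issuer address https://sts.example.test/ and the certificate bytes are all constructed samples (the certificate is placeholder data, not a real X.509 certificate), and the function names are the example’s own.

```powershell
# Added example, not FedUtil's own code. Compares the signing certificate(s) an STS advertises in
# its federation metadata with the thumbprints the RP's web.config trusts in <issuerNameRegistry>,
# then rewrites <trustedIssuers> the way the scheduled metadata-update task would.

function Get-MetadataSigningThumbprints {
    # Returns the SHA-1 thumbprint of every signing certificate in a federation metadata document.
    param([xml]$Metadata)
    $ns = New-Object System.Xml.XmlNamespaceManager($Metadata.NameTable)
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
    $xpath = '//md:KeyDescriptor[@use="signing"]/ds:KeyInfo/ds:X509Data/ds:X509Certificate'
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    foreach ($node in $Metadata.SelectNodes($xpath, $ns)) {
        $der = [Convert]::FromBase64String($node.InnerText.Trim())
        # A certificate thumbprint is the SHA-1 of the DER encoding, so hashing the raw bytes gives the
        # same value X509Certificate2.Thumbprint would, and also works on the placeholder bytes below.
        [System.BitConverter]::ToString($sha1.ComputeHash($der)).Replace('-', '')
    }
}

function Get-TrustedThumbprints {
    # Returns the thumbprints listed under issuerNameRegistry/trustedIssuers, normalised for comparison.
    param([xml]$Config)
    $xpath = '//microsoft.identityModel/service/issuerNameRegistry/trustedIssuers/add'
    foreach ($add in $Config.SelectNodes($xpath)) {
        $add.GetAttribute('thumbprint').Replace(' ', '').ToUpperInvariant()
    }
}

function Test-IssuerRegistryCurrent {
    # Reports whether every advertised signing certificate is trusted, plus missing and stale entries.
    param([xml]$Metadata, [xml]$Config)
    $advertised = @(Get-MetadataSigningThumbprints -Metadata $Metadata)
    $trusted    = @(Get-TrustedThumbprints -Config $Config)
    # Advertised by the STS but not trusted by the RP: tokens signed with that key fail validation.
    $missing = @($advertised | Where-Object { $trusted -notcontains $_ })
    # Trusted by the RP but no longer advertised: left over from an earlier certificate rollover.
    $stale   = @($trusted | Where-Object { $advertised -notcontains $_ })
    [pscustomobject]@{ Current = ($missing.Count -eq 0); Missing = $missing; Stale = $stale }
}

function Update-TrustedIssuers {
    # Replaces the <trustedIssuers> entries in place with one <add> per advertised thumbprint.
    param([xml]$Config, [string[]]$Thumbprints, [string]$IssuerName)
    $xpath = '//microsoft.identityModel/service/issuerNameRegistry/trustedIssuers'
    $trustedIssuers = $Config.SelectSingleNode($xpath)
    $trustedIssuers.RemoveAll()
    foreach ($tp in $Thumbprints) {
        $add = $Config.CreateElement('add')
        $add.SetAttribute('thumbprint', $tp)
        $add.SetAttribute('name', $IssuerName)
        [void]$trustedIssuers.AppendChild($add)
    }
}

# --- Constructed samples: not real STS metadata, not a real certificate, not a real application config ---
$placeholderDer = [Text.Encoding]::ASCII.GetBytes('PLACEHOLDER-NOT-A-REAL-CERTIFICATE-v2')
[xml]$metadata = @"
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sts.example.test/">
  <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
                  xsi:type="fed:SecurityTokenServiceType"
                  protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>$([Convert]::ToBase64String($placeholderDer))</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
  </RoleDescriptor>
</EntityDescriptor>
"@

# The type attribute's assembly qualification is trimmed in this sample; the old thumbprint is a placeholder.
[xml]$webConfig = @"
<configuration>
  <microsoft.identityModel>
    <service>
      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel">
        <trustedIssuers>
          <add thumbprint="0000000000000000000000000000000000000000" name="https://sts.example.test/" />
        </trustedIssuers>
      </issuerNameRegistry>
    </service>
  </microsoft.identityModel>
</configuration>
"@

$before = Test-IssuerRegistryCurrent -Metadata $metadata -Config $webConfig
"Before: current=$($before.Current) missing=$($before.Missing -join ',') stale=$($before.Stale -join ',')"
if (-not $before.Current) {
    Update-TrustedIssuers -Config $webConfig `
        -Thumbprints (Get-MetadataSigningThumbprints -Metadata $metadata) `
        -IssuerName $metadata.DocumentElement.GetAttribute('entityID')
}
$after = Test-IssuerRegistryCurrent -Metadata $metadata -Config $webConfig
"After:  current=$($after.Current) missing=$($after.Missing -join ',') stale=$($after.Stale -join ',')"
# Against a real application you would load web.config from disk, fetch the metadata over HTTPS, and call
# $webConfig.Save(...) after the update; the constructed sample above is only modified in memory.
```

Run as-is, the first report shows the placeholder thumbprint as stale and the advertised one as missing, and the second report shows the registry in sync. The comparison is deliberately two-sided: a missing entry is the failure the scheduled task exists to prevent, while a stale entry is harmless for token validation but worth pruning once the STS has completed its rollover, since the RP would otherwise keep accepting tokens signed by a key the STS no longer advertises.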
If the STS’s federation metadata is updated shortly after the metadata update task runs, you’ll need to run FedUtil and update the application’s configuration file manually. To see how to do this, see the section “Update Federation Metadata” in Establishing Trust from an ASP.NET Relying Party Application to an STS using FedUtil or Establishing Trust from a WCF Relying Party Service to an STS using FedUtil.
Note that if the list of claims offered by the STS has changed, you’ll need to update the RP application’s configuration manually to change the claims it requests.
When the task runs, it creates a log file in the same folder as the RP application’s web.config file. The Task Scheduler shows whether the task succeeded or failed.