Active Directory Federation Services (AD FS) 2.0 Update Rollup 1

http://support.microsoft.com/kb/2607496

Update Rollup 1 resolves the following issues:

• KB2254265 (http://support.microsoft.com/kb/2254265) The "500" error code is returned when you send an HTTP SOAP request to the "/adfs/services/trust/mex" endpoint on a computer that is running Windows Server 2008 R2 or Windows Server 2008
• KB2272757 (http://support.microsoft.com/kb/2272757) An identity-provider-initiated sign-on process is slow in Windows Server 2008 R2 and in Windows Server 2008
• The "400" error code is returned when sending an authentication request to AD FS 2.0 federation server proxy through Windows integrated authentication endpoint (Nego 2)
• Decrease in performance occurs on AD FS 2.0 federation server when a user who is authenticating has a large number of group memberships.
• Failure to join an AD FS 2.0 federation server to an existing SQL-based federation server farm when the AD FS 2.0 administrator that tries the join operation does not have admininistrator rights to the SQL Server database.
• AD FS 2.0 Federation Service cannot create or verify Security Assertion Markup Language (SAML) tokens when the private keys of an AD FS 2.0 token-signing certificate and/or token decryption certificate are stored by using third-party cryptographic service providers (CSP), for example hardware security mode (HSM).

Posted in: Active Directory,Microsoft