
Generating an Active Directory Federation Services (ADFS) SAML Certificate

Because there are multiple versions of Active Directory—and multiple configurations—we cannot guarantee this process will work for you. That said, it has proven successful for our customers who use Populi as a Service Provider and ADFS as an Identity Provider.

  1. In ADFS 2.0 > Service > Certificates, double-click the token signing certificate.
  2. Go to the Details tab and choose Copy to File.
  3. Choose Next, then Base-64 encoded X.509 (.CER), then Next once more. Browse to a file location and save it.
  4. Convert the certificate to a PEM-encoded X.509 certificate by running this command in OpenSSL: openssl x509 -inform der -in Populi.crt -outform pem -out Populi.pem (the exact command may vary, but it will at least resemble that).
    • To check if you have the correct format, view your certificate as a text file. If the first line is -----BEGIN CERTIFICATE----- and the last line is -----END CERTIFICATE-----, you're in good shape!
  5. In Populi, log in as Populi account administrator.
  6. Go to Account > Single Sign-On (SP).
  7. Under Identity Provider Certificate, click Choose File and upload the certificate you just exported from ADFS.
  8. Scroll to the top of the screen and click Save Settings.
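
A format check for steps 3 and 4, as an added example that is not Populi's or Microsoft's code: it accepts either a DER or a Base-64 (.CER) export, returns the single PEM certificate that the check under step 4 describes, and computes the SHA-1 thumbprint to compare with the Thumbprint field on the certificate's Details tab. The function names and SAMPLE_DER (a constructed placeholder, not a real certificate) are assumptions; the check is structural and does not parse certificate fields.

```python
import base64
import binascii
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed placeholder: a minimal DER SEQUENCE, NOT a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")


def export_to_der(raw: bytes) -> bytes:
    """Return the DER bytes from a DER or Base-64 (.CER) certificate export."""
    if b"-----BEGIN" in raw:
        blocks = PEM_BLOCK.findall(raw.decode("ascii", "replace"))
        if len(blocks) != 1 or blocks[0][0] != "CERTIFICATE":
            # Rejects private keys, certificate chains and truncated files.
            raise ValueError("expected exactly one CERTIFICATE block")
        try:
            der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("corrupt Base-64 body") from exc
    else:
        der = raw
    # An X.509 certificate is an ASN.1 SEQUENCE, so its DER form starts with 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("not DER-encoded X.509 data")
    return der


def to_pem(raw: bytes) -> str:
    """Re-wrap the certificate as PEM with 64-character Base-64 lines."""
    b64 = base64.b64encode(export_to_der(raw)).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"]) + "\n"


def thumbprint(raw: bytes) -> str:
    """SHA-1 over the DER bytes, formatted like the Windows Thumbprint field."""
    return hashlib.sha1(export_to_der(raw)).hexdigest().upper()


if __name__ == "__main__":
    pem = to_pem(SAMPLE_DER)
    print(pem, thumbprint(pem.encode()), sep="")
```

To check a real export, pass the file's bytes (for example from `open(path, "rb").read()`) to `to_pem` and `thumbprint` before uploading the result in step 7.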