I've been following the steps in the following TechNet article in a Lab Environment to see how it all works:
https://technet.microsoft.com/en-us/library/hh305235.aspx#ExportCert
I've managed to get everything set up and working, but was getting the following error when logging in via ADFS:
[SecurityTokenException: ID4014: A SecurityTokenHandler is not registered to read security token ('EncryptedData', 'http://www.w3.org/2001/04/xmlenc#').]
Microsoft.IdentityModel.Web.TokenReceiver.ReadToken(String tokenXml, XmlDictionaryReaderQuotas readerQuotas) +522
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request) +439
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +539
Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +207
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +176
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +187
I found a few articles that suggested it was a problem with the SharePoint Server not being able to decrypt the Token from ADFS for some reason. I was able to get the system working by removing the Token Signing Certificate from the ADFS server, but I'm not sure why it wasn't working with it in place.
I had the Token Signing certificate "installed" on the SharePoint server correctly via the New-SPTrustedRootAuthority command shown in the article above. I also checked that it has the correct Thumbprint, etc.
Anyone got any thoughts as to why it won't work?
Cheers for now
Russell
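As an added diagnostic (this is not code from the post above or from the TechNet article), the following PowerShell checks the two certificates that matter here from both sides of the trust. The token-signing certificate is the one SharePoint has to trust via New-SPTrustedRootAuthority and must stay in place; a separate encryption certificate on the ADFS relying party trust makes ADFS wrap the SAML assertion in <EncryptedData>, which is exactly what the ID4014 message says the SharePoint token handler cannot read. The relying party name "SharePoint", the SharePoint trust name "ADFS" and the $Role switch are assumptions for the lab; adjust them to your own names. The stack trace shows Microsoft.IdentityModel.Web, i.e. SharePoint 2010 with the ADFS 2.0 snap-in, so the script loads that snap-in and falls back to the ADFS module on newer servers.

```powershell
# Added example, not part of the original post or the TechNet article.
# $Role selects which half to run: 'ADFS' on the federation server,
# 'SharePoint' in the SharePoint Management Shell. Names below are assumptions.
param(
    [ValidateSet('ADFS', 'SharePoint')]
    [string]$Role        = 'ADFS',
    [string]$RpName      = 'SharePoint',   # relying party trust name in ADFS (assumed)
    [string]$SpTrustName = 'ADFS'          # trusted root authority / token issuer name in SharePoint (assumed)
)

if ($Role -eq 'ADFS') {
    # ADFS 2.0 ships as a snap-in; ADFS on Server 2012 R2 and later is a module.
    if (-not (Get-Command Get-AdfsRelyingPartyTrust -ErrorAction SilentlyContinue)) {
        Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
        Import-Module ADFS -ErrorAction SilentlyContinue
    }

    $rp = Get-AdfsRelyingPartyTrust -Name $RpName
    if (-not $rp) { throw "Relying party trust '$RpName' not found" }

    # The primary token-signing certificate is the one SharePoint must trust
    # (New-SPTrustedRootAuthority). Its thumbprint should match on the SharePoint side.
    $signing = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
    'Primary token-signing thumbprint : {0}' -f $signing.Certificate.Thumbprint

    # An encryption certificate on the relying party makes ADFS emit <EncryptedData>.
    # SharePoint's trusted identity token issuer has no handler for that element,
    # which is the ID4014 error in the question. Clearing it leaves tokens signed only.
    if ($rp.EncryptionCertificate) {
        'Encryption certificate present   : {0}' -f $rp.EncryptionCertificate.Thumbprint
        "Fix: Set-AdfsRelyingPartyTrust -TargetName '$RpName' -EncryptionCertificate `$null"
        # Uncomment to apply the fix:
        # Set-AdfsRelyingPartyTrust -TargetName $RpName -EncryptionCertificate $null
    } else {
        "No encryption certificate on '$RpName'; tokens will be signed but not encrypted."
    }
}
else {
    if (-not (Get-Command Get-SPTrustedRootAuthority -ErrorAction SilentlyContinue)) {
        Add-PSSnapin Microsoft.SharePoint.PowerShell
    }

    $root   = Get-SPTrustedRootAuthority -Identity $SpTrustName
    $issuer = Get-SPTrustedIdentityTokenIssuer -Identity $SpTrustName

    # Both must carry the ADFS token-signing certificate; compare the thumbprints
    # here with the one printed on the ADFS side.
    'Trusted root authority thumbprint: {0}' -f $root.Certificate.Thumbprint
    'Token issuer signing thumbprint  : {0}' -f $issuer.SigningCertificate.Thumbprint

    if ($root.Certificate.Thumbprint -ne $issuer.SigningCertificate.Thumbprint) {
        Write-Warning ("Root authority and token issuer certificates differ; " +
            "re-import the current ADFS token-signing certificate with " +
            "New-SPTrustedRootAuthority and Set-SPTrustedIdentityTokenIssuer.")
    }
}
```

Run the script once with -Role ADFS on the federation server and once with -Role SharePoint in the SharePoint Management Shell; the thumbprints printed by the two halves should be identical, and the ADFS half should report no encryption certificate on the relying party trust.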