Directory Programming .NET

Active Directory and ADAM programming support for .NET developers

Internal Test Accounts: Same Federation Server for Account & Resource Partner?

Last post 02-18-2010, 4:07 PM by joe. 1 reply.
  •  02-18-2010, 10:25 AM 7852

    Internal Test Accounts: Same Federation Server for Account & Resource Partner?

    We want to set up an instance of ADFS for testing purposes; right now we have one federation server with two account partners out in the wild. Is it possible for me to use the one federation server for both account and resource partner? I tried exporting a policy file, then creating an account partner, then exporting from that and importing it as a resource partner, but when I try to connect with our web app like normal, I get an access denied message after it prompts me for my Active Directory user credentials. When I run the diagnostic tool on the server with both account and resource partner checked, I get an invalid SSL error. Do I need a second server to act as the account partner? Is there some other reason that I might get these errors?

    Thanks.
  •  02-18-2010, 4:07 PM 7853 in reply to 7852

    Re: Internal Test Accounts: Same Federation Server for Account & Resource Partner?

    In V1, you can either have an RP FS that also has an account store configured or you can set up a separate fed server to act as external account partner/IdP. Either can be done and made to work.

    Having an account store configured on the RP is usually the easy way to get a way to log into the system with test users. However, the login flow is a little different and you don't end up doing things like mapping incoming claims. So, it depends on what you want to test. If you want an end to end test for your whole scenario, you might not want to build it this way.

    It is possible but somewhat painful to have two separate FSs on the same IIS box if you give them separate IP addresses and host names (or possibly if you split by port; I recommend against that). The painful part is that the MMC expects only one trust policy file on a given server, so managing both FSs on the same box can be tricky. From the IIS level, though, it is totally possible. Not sure how this works with ADFS V2 yet.
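The IIS-level split that the reply describes (two federation services on one box, each on its own IP address and host name) can be scripted and verified. The following is an added example written for this page, not code from the thread or from the ADFS product; it assumes IIS 7 or later with the WebAdministration module, and the site names, IP addresses, host names, paths and certificate lookup are hypothetical placeholders. It also checks that each site has a certificate whose subject matches its host name, which is the mismatch that typically shows up as an SSL error in the ADFS diagnostic tool.

```powershell
# Added example (not from the original thread): stand up two separate IIS sites
# on one box, each with its own IP address, host name and TLS certificate, so two
# federation services never share a binding. Assumes IIS 7+ with the
# WebAdministration module; IPs, host names and paths below are hypothetical.
Import-Module WebAdministration

$services = @(
    @{ Name = 'FS-Resource'; Ip = '10.0.0.11'; Host = 'fs-rp.test.example';  Path = 'C:\inetpub\fs-rp'  },
    @{ Name = 'FS-Account';  Ip = '10.0.0.12'; Host = 'fs-idp.test.example'; Path = 'C:\inetpub\fs-idp' }
)

foreach ($s in $services) {
    # Look for a machine-store certificate whose subject CN matches this site's host name.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "CN=$($s.Host)*" } |
        Select-Object -First 1
    if (-not $cert) {
        Write-Warning "No certificate with CN=$($s.Host) in LocalMachine\My; the ADFS diagnostic will report an SSL error for $($s.Name)."
        continue
    }

    if (-not (Test-Path $s.Path)) { New-Item -ItemType Directory -Path $s.Path | Out-Null }

    # One site per federation service, bound to its own IP and host header on 443.
    if (-not (Get-Website -Name $s.Name)) {
        New-Website -Name $s.Name -PhysicalPath $s.Path -IPAddress $s.Ip -Port 443 -HostHeader $s.Host -Ssl | Out-Null
    }

    # Attach the certificate to that IP:port pair so the two sites do not share one SSL binding.
    $sslPath = "IIS:\SslBindings\$($s.Ip)!443"
    if (-not (Test-Path $sslPath)) { $cert | New-Item $sslPath | Out-Null }
}

# Report what each federation-service site is actually bound to, to confirm the split.
Get-Website | Where-Object { $_.Name -like 'FS-*' } |
    Select-Object Name, @{ n = 'Bindings'; e = { $_.bindings.Collection | ForEach-Object { $_.bindingInformation } } }
```

The script only separates the IIS sites and their certificates; the trust policy file limitation the reply mentions is an ADFS MMC matter and is not addressed here.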
