The following procedure walks through changing your SharePoint ADFS security provider from ADFS 2.0 to the ADFS 2016 (version 4.0) farm.
High-level steps for changing the security provider, including uploading the new certificate and running a PowerShell script to change the SharePoint token issuer settings:
- RDP to your SharePoint application server.
- Upload your new ADFS farm SSL certificate to the application server and place it on the C drive.
- Create a folder on the C drive, for example: c:\sharepoint\SSLcertificates
- Upload your new ADFS certificate to this folder on the application server.
- Open your PowerShell editor with an Administrator account and take a snapshot of the current settings of your SPTrustedIdentityTokenIssuer.
- Keep that snapshot of your current security provider settings so you will be able to roll back if needed.
- Use the following PowerShell script:
This short script will change the certificate from your current ADFS to the new ADFS server. I used this script to change ADFS 2.0 to ADFS 4.0.
One important note!
You will need to run New-SPTrustedRootAuthority on the authority (issuing CA) certificate as well, in order to prevent the error that the root authority is not trusted.
```powershell
# Authority (root) certificate: register it first so SharePoint trusts the chain
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\yourpath\Authcertificate.cer")
New-SPTrustedRootAuthority -Name "ADFS4.0Auth" -Certificate $cert
Clear-Host

# ADFS token-signing certificate
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\your token provider certificate path")
New-SPTrustedRootAuthority -Name "ADFS4" -Certificate $cert

# Point the existing trusted identity token issuer at the new ADFS farm
# (assumes a single issuer is configured; otherwise pass -Identity <name>)
$ti = Get-SPTrustedIdentityTokenIssuer
$ti.ProviderUri = 'https://yourADFS domain/ADFS/ls/'
$ti.SigningCertificate = $cert
$ti.Update()
```
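The snapshot step above is easy to skip; as an added example (not part of the original post), the following script records the settings you would need for a rollback and then checks the result of the swap. The snapshot folder, the `Test-TokenIssuerSwap` function and its certificate path are assumptions; the SharePoint cmdlets and properties are the real ones.

```powershell
# Added example: snapshot the trusted identity token issuer before the swap and
# verify the issuer afterwards. Folder name below is an assumption.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$SnapshotDir = 'C:\sharepoint\SSLcertificates\snapshot'
New-Item -ItemType Directory -Path $SnapshotDir -Force | Out-Null

# 1. Snapshot: every setting you would need to restore by hand.
$ti = Get-SPTrustedIdentityTokenIssuer   # assumes a single issuer is configured
$snapshot = [ordered]@{
    Name                   = $ti.Name
    ProviderUri            = $ti.ProviderUri.AbsoluteUri
    DefaultProviderRealm   = $ti.DefaultProviderRealm
    ProviderRealms         = @($ti.ProviderRealms.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" })
    IdentityClaimType      = $ti.IdentityClaimTypeInformation.InputClaimType
    ClaimMappings          = @($ti.ClaimTypeInformation | ForEach-Object { "$($_.InputClaimType) -> $($_.MappedClaimType)" })
    SigningThumbprint      = $ti.SigningCertificate.Thumbprint
    SigningNotAfter        = $ti.SigningCertificate.NotAfter.ToString('u')
    TrustedRootAuthorities = @(Get-SPTrustedRootAuthority | Select-Object -ExpandProperty Name)
}
$snapshot | ConvertTo-Json -Depth 3 | Set-Content -Path (Join-Path $SnapshotDir 'token-issuer.json')

# Keep the old signing certificate itself so a rollback can re-import it.
$oldCer = $ti.SigningCertificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes((Join-Path $SnapshotDir 'old-signing.cer'), $oldCer)

# 2. After the swap script: the issuer must sign with the new certificate and
#    the certificate's chain must end in a root SharePoint trusts.
function Test-TokenIssuerSwap {
    param([string]$NewCertPath)   # the token-signing .cer you uploaded
    $new = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($NewCertPath)
    $cur = Get-SPTrustedIdentityTokenIssuer
    $ok  = $true
    if ($cur.SigningCertificate.Thumbprint -ne $new.Thumbprint) {
        Write-Warning "Issuer still signs with $($cur.SigningCertificate.Thumbprint)"; $ok = $false
    }
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($new)
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Thumbprint
    $trusted = Get-SPTrustedRootAuthority | ForEach-Object { $_.Certificate.Thumbprint }
    if ($trusted -notcontains $root) {
        Write-Warning "Chain root $root is not registered with New-SPTrustedRootAuthority"; $ok = $false
    }
    if ($new.NotAfter -lt (Get-Date).AddDays(30)) { Write-Warning "New certificate expires $($new.NotAfter)" }
    return $ok
}
# Test-TokenIssuerSwap -NewCertPath 'C:\sharepoint\SSLcertificates\adfs-signing.cer'
```

Run the snapshot part before the swap script and call `Test-TokenIssuerSwap` afterwards; a `$false` result with its warning tells you which of the two registrations (signing certificate or root authority) is still missing.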