![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 8%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAH%3C/text%3E%3C/svg%3E)
1,303 questions
ADFS doesn't use IIS since Windows Server 2012 R2. It is built directly on the top on the HTTP.sys.
The federation metadata file is always available without authentication by default. You need to use the following URL: https://ADFSFARMURL/FederationMetadata/2007-06/FederationMetadata.xml
Where ADFSFARMURL is the FQDN of your farm not the FQDN of the server where the farm is. It has to be the right FQDN (not the IP address either) because of TLS/SNI (which in a nutshell will allow the TLS tunnel only if the FQDN that the client is sending is matching the FQDN registered in the HTTPs endpoint).