During the last couple of weeks I’ve assisted a customer with moving applications from ADFS 3.0 (Server 2012 R2) to ADFS 4.0 (Server 2016). When trying to move an application utilizing Shibboleth we ran into an error when reading the federation metadata from the new farm:
ERROR OpenSAML.MetadataProvider.XML : metadata instance failed manual validation checking: EmailAddress must have TextContent.
The supplier hadn’t seen this issue before and neither had I. Google gave me nothing to go on, so I decided to compare the FederationMetadata.xml files from the two environments. This is how you get the metadata.
At the very end of the XML I noticed the support contact information being different (none of the environments had this information filled out).
<!-- ADFS 3.0 -->
<ContactPerson contactType="support"/>

<!-- ADFS 4.0 -->
<ContactPerson contactType="support">
  <EmailAddress/>
  <TelephoneNumber/>
</ContactPerson>
Since this was both a difference between the environments and contained the “EmailAddress” mentioned in the error, I felt fairly confident this was the issue, so I proceeded to update the support contact information by:
- Opening the “AD FS Management” console on the new primary ADFS
- Right-clicking “Service” and selecting “Edit Federation Service Properties…”
- Navigating to the “Organization” tab and filling out the support contact section
After the information was updated I checked the FederationMetadata.xml again, and the ContactPerson element at the end of the file now contained the values I had entered.
You can probably skip filling in the First name and Last name as they are not shown in the XML by default. If you skip Telephone number you’ll receive a similar error stating that “TelephoneNumber must have TextContent”.
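Rather than eyeballing the end of the file, the empty-element condition from the ADFS 4.0 fragment above (and the equivalent TelephoneNumber case) can be checked mechanically before handing metadata to a Shibboleth SP. The following is an added example written for this post, not code from the post or from Shibboleth/OpenSAML: it parses SAML metadata and reports every ContactPerson child element that has no text content, which is the condition the OpenSAML validator complains about. The three metadata snippets are constructed samples modelled on the fragments shown above; the entityID and contact values are placeholders.

```python
"""Flag empty ContactPerson fields in SAML federation metadata.

Shibboleth/OpenSAML rejects <EmailAddress/> and <TelephoneNumber/> elements
that are present but carry no text. ADFS 4.0 emits exactly that when the
support contact is left blank in the Federation Service Properties.
"""
import xml.etree.ElementTree as ET
from typing import List

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed samples (not real metadata). ADFS emits the md: namespace as the
# default namespace on EntityDescriptor, which is mirrored here.
ADFS3_SAMPLE = f"""
<EntityDescriptor xmlns="{MD_NS}" entityID="https://sts.example.test/adfs/services/trust">
  <ContactPerson contactType="support"/>
</EntityDescriptor>"""

ADFS4_SAMPLE = f"""
<EntityDescriptor xmlns="{MD_NS}" entityID="https://sts.example.test/adfs/services/trust">
  <ContactPerson contactType="support"><EmailAddress/><TelephoneNumber/></ContactPerson>
</EntityDescriptor>"""

# Placeholder contact values standing in for what the Organization tab writes.
FIXED_SAMPLE = f"""
<EntityDescriptor xmlns="{MD_NS}" entityID="https://sts.example.test/adfs/services/trust">
  <ContactPerson contactType="support">
    <Company>Example Org</Company>
    <EmailAddress>support@example.test</EmailAddress>
    <TelephoneNumber>+1 555 0100</TelephoneNumber>
  </ContactPerson>
</EntityDescriptor>"""

CHECKED_FIELDS = ("EmailAddress", "TelephoneNumber")


def find_empty_contact_fields(metadata_xml: str) -> List[str]:
    """Return one message per ContactPerson child that exists but has no text.

    An absent element is fine (ADFS 3.0 style); a present-but-empty element is
    what trips the OpenSAML validation, so only those are reported.
    """
    root = ET.fromstring(metadata_xml)
    problems: List[str] = []
    for person in root.iter(f"{{{MD_NS}}}ContactPerson"):
        contact_type = person.get("contactType", "unknown")
        for field in CHECKED_FIELDS:
            for element in person.findall(f"{{{MD_NS}}}{field}"):
                if not (element.text or "").strip():
                    problems.append(
                        f"ContactPerson[{contact_type}]: {field} must have TextContent"
                    )
    return problems


def check_metadata_file(path: str) -> List[str]:
    """Convenience wrapper for a FederationMetadata.xml saved to disk."""
    with open(path, "r", encoding="utf-8") as handle:
        return find_empty_contact_fields(handle.read())


if __name__ == "__main__":
    for label, sample in (("ADFS 3.0", ADFS3_SAMPLE),
                          ("ADFS 4.0 (blank)", ADFS4_SAMPLE),
                          ("ADFS 4.0 (filled)", FIXED_SAMPLE)):
        issues = find_empty_contact_fields(sample)
        print(f"{label}: {'OK' if not issues else '; '.join(issues)}")
```

Run it against a downloaded FederationMetadata.xml with `check_metadata_file("FederationMetadata.xml")`; an empty list means the support contact is either absent or fully populated, and any message it returns is the same field name the Shibboleth log will print.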
Now you know how to get rid of the “EmailAddress must have TextContent” error. The supplier had no issues importing the federation metadata after making these changes and the application was moved without issues.