In order for communication between the different systems (SAML Session Provider/IFS/AD FS) to work according to the SAML protocol, they need to be aware of and trust each other’s certificates. This set-up is partially automated during the initial configuration of the SAML Session Provider.
When the SAML Session Provider is started for the first time, it calls IFS to publish an SP configuration in IFS. The configuration must be finished manually from the Xi Platform Manager to publish the configuration to AD FS. This is described in the configuration procedure for the SAML Session Provider.