1

If I am a relying party, I can expose federation metadata to ease configuration for AD FS so I can import it into the Create a Relying Party Trust wizard. I can also choose to enable automatic updates so AD FS checks this file regularly. This file contains information like bindings but also certificates, but I am not sure if it contains sensitive information.

My question is: Is it OK for this file to be publicly accessible to anyone besides AD FS? In other words, do I need to prevent access to that file for anyone but the AD FS host?

Melvin

1 Answer

2

No - it's designed to be publicly accessible.

There is no sensitive information. The certificates part is for the public keys only.

rbrayb
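An added example, not part of the original question or answer: a Python check a relying party could run over its own SAML metadata before publishing it, listing the entity ID, endpoints and key entries the file discloses and flagging any key blob that is not laid out like a certificate. The sample documents, the `rp.example.test` URLs and the function names are constructed for illustration, and the DER test is a heuristic that looks only at the first inner tag.

```python
import base64
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def inner_tag(der):
    """Tag of the first element inside the outer DER SEQUENCE, or -1."""
    if len(der) < 3 or der[0] != 0x30:
        return -1
    # Short form: one length byte. Long form: 0x80|n, then n length bytes.
    skip = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)
    return der[skip] if skip < len(der) else -1

def audit(xml_text):
    """Inventory what a metadata document discloses; flag non-certificate keys."""
    root = ET.fromstring(xml_text)
    report = {"entityID": root.get("entityID"), "keys": [], "endpoints": [], "findings": []}
    for kd in root.iter("{%s}KeyDescriptor" % MD):
        for cert in kd.iter("{%s}X509Certificate" % DS):
            der = base64.b64decode("".join((cert.text or "").split()))
            # Certificate: SEQUENCE { SEQUENCE tbsCertificate, ... }
            # PKCS#1 / PKCS#8 private key: SEQUENCE { INTEGER version, ... }
            kind = {0x30: "certificate", 0x02: "private key"}.get(inner_tag(der), "unknown")
            report["keys"].append((kd.get("use"), kind))
            if kind != "certificate":
                report["findings"].append("KeyDescriptor use=%s holds %s" % (kd.get("use"), kind))
    for el in root.iter():
        if el.get("Binding") and el.get("Location"):
            report["endpoints"].append((el.tag.rsplit("}", 1)[-1], el.get("Location")))
        if "PRIVATE KEY" in (el.text or ""):
            report["findings"].append("PEM private key marker in <%s>" % el.tag.rsplit("}", 1)[-1])
    return report

def sample(der_prefix):
    """Constructed metadata; the key blob is a fake DER header plus zero padding."""
    blob = base64.b64encode(der_prefix + bytes(32)).decode()
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="https://rp.example.test/">'
            '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s'
            '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
            '<md:AssertionConsumerService index="0" Location="https://rp.example.test/acs" '
            'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>'
            '</md:SPSSODescriptor></md:EntityDescriptor>' % (MD, DS, blob))

CERT_LIKE = sample(b"\x30\x82\x01\x0a\x30\x82\x00\xf2")  # outer SEQUENCE, inner SEQUENCE
KEY_LIKE = sample(b"\x30\x82\x04\xbd\x02\x01\x00")       # outer SEQUENCE, INTEGER 0
print(audit(CERT_LIKE)["findings"], audit(KEY_LIKE)["findings"])
```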