This repository has been archived by the owner on Nov 9, 2017. It is now read-only.

Adfs Integration Saml Request Error #707

Closed
zaparker opened this issue May 23, 2014 · 3 comments
@zaparker

I am getting an error when attempting to request a new token from ADFS based on a saml assertion. Based on the error my suspicion is that it has something to do with my ADFS Encryption certificate, but I don't really know for sure. Do you have any suggestions on which parts of the code/setup I should look at to fix this?

This is the error I'm seeing in the trace log:

Error while communicating with ADFS: System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when processing the security tokens in the message.
--- End of inner exception stack trace ---

Server stack trace:
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at System.ServiceModel.Security.IWSTrustContract.Issue(Message message)
at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)
at Thinktecture.IdentityServer.Protocols.AdfsIntegration.AdfsBridge.Authenticate(ClaimsIdentity identity, String appliesTo)
at Thinktecture.IdentityServer.Protocols.AdfsIntegration.AdfsController.ProcessSamlRequest(TokenRequest request)

@brockallen
Member

Hmm, very hard to diagnose that. Perhaps a self-signed SSL cert that's not properly trusted?

@zaparker
Author

Thank you for the quick response.

Looking through the AdfsBridge code it appears the only cert that it uses for those steps is the ADFS Encryption cert. I had to modify my version of the IdServer site so that the ADFS cert is chosen from the local certificate store via a drop down. It then uses the same code for grabbing the cert that you had for grabbing the signing cert from the personal certificate store. Are there any special permissions I need to set for the app pool identity in order to get all the pieces it needs from the ADFS cert? Since that cert is public key only, I wouldn't think I need any other permissions besides access to the store itself, which I can confirm it has since the IdServer signing cert can be accessed and used just fine. Are there any more trust steps that I may be missing?

@zaparker
Author

I'm embarrassed to admit that I found out the problem was just a matter of different certificates being used. ADFS was expecting a temp cert I had set up before, but IdServer was using a newer cert instead, so the issue step was failing.
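A check for the mismatch this thread ends on, added here and not part of the issue or of IdentityServer's own code: it reads the encryption certificate(s) ADFS currently publishes in its federation metadata and compares them, by thumbprint, with the certificate IdServer has been configured to pick from LocalMachine\My. The ADFS hostname and the configured thumbprint are placeholders; the metadata path is the standard ADFS one.

```powershell
# Added example, not from the issue or the IdentityServer code base.
# Confirms that the cert IdServer loads from LocalMachine\My is one of the
# encryption certs ADFS currently publishes, so the RST is encrypted for a
# key ADFS can actually use. $AdfsHost and $ConfiguredThumbprint are placeholders.
param(
    [string]$AdfsHost = 'adfs.example.com',                                  # placeholder
    [string]$ConfiguredThumbprint = 'PUT-IDSERVER-ADFS-CERT-THUMBPRINT-HERE'  # placeholder
)

$metadataUrl = "https://$AdfsHost/FederationMetadata/2007-06/FederationMetadata.xml"
$metadata = New-Object System.Xml.XmlDocument
$metadata.Load($metadataUrl)   # XmlDocument handles the document encoding itself

$ns = New-Object System.Xml.XmlNamespaceManager($metadata.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

# ADFS lists its service encryption cert(s) as KeyDescriptor use="encryption".
# During a certificate rollover there can be more than one, so collect them all.
$xpath = '//md:KeyDescriptor[@use="encryption"]/ds:KeyInfo/ds:X509Data/ds:X509Certificate'
$published = @{}
foreach ($node in $metadata.SelectNodes($xpath, $ns)) {
    $bytes = [Convert]::FromBase64String($node.InnerText.Trim())
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
    $published[$cert.Thumbprint] = $cert
}

# Thumbprints copied from the MMC often carry spaces and lower case; normalise first.
$wanted = ($ConfiguredThumbprint -replace '\s', '').ToUpperInvariant()
$local  = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $wanted }

if (-not $local) {
    Write-Warning "No certificate with thumbprint $wanted in LocalMachine\My; IdServer cannot load it."
} elseif (-not $published.ContainsKey($local.Thumbprint)) {
    # The situation in this thread: IdServer encrypts the RST with a cert ADFS
    # no longer uses, and ADFS replies with a fault about the security tokens.
    Write-Warning "Configured cert '$($local.Subject)' ($($local.Thumbprint)) is not an encryption cert ADFS publishes."
    foreach ($c in $published.Values) {
        Write-Host "ADFS currently publishes: $($c.Subject) $($c.Thumbprint) (expires $($c.NotAfter))"
    }
} else {
    Write-Host "OK: configured cert matches an ADFS encryption cert (expires $($local.NotAfter))."
}
```

Run it on the IdServer host under the app pool identity if you also want to confirm store access, since a cert that is present but unreadable fails in the same way as one that is missing.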
