ADFS Error EventId: 111

1
votes

This error is getting me crazy for two days!.

I have a web server and an adfs server (both windows server 2012). I configured adfs correctly. I can see the adfs/ls authentication page and I can log on using an AD user from the adfs server. When I try to reach adfs/ls authentication page, from the web server, is redirecting correctly to the adfs server so I can enter my username and password. When is coming back I receive this error on the page:

There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.
Authentication failed. Close the browser and try again, or contact your administrator for more information.
Reference number: 8949f368-ee3b-4c94-a749-63950dfc42b9

and on the adfs server I have this event id 111:

The Federation Service encountered an error while processing the WS-Trust request. 
Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue 

Additional Data 
Exception details: 
Microsoft.IdentityServer.Framework.SecurityTokenService.FailedAuthenticationException: MSIS3055: The requested relying party trust 'http://myserver.com/MyApplication' is unspecified or unsupported. If a relying party trust was specified, it is possible the user does not have permission to access the relying party trust. ---> Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.ScopeNotFoundPolicyRequestException: MSIS3020: The relying party trust with identifier 'http://myserver.com/MyApplication' could not be located.
   --- End of inner exception stack trace ---
   at System.IdentityModel.AsyncResult.End(IAsyncResult result)
   at System.ServiceModel.Security.WSTrustServiceContract.ProcessCoreAsyncResult.End(IAsyncResult ar)
   at System.ServiceModel.Security.WSTrustServiceContract.EndProcessCore(IAsyncResult ar, String requestAction, String responseAction, String trustNamespace)

Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.ScopeNotFoundPolicyRequestException: MSIS3020: The relying party trust with identifier 'http://myserver.com/MyApplication' could not be located.

Relying party trust are configured in both servers, also certificates are correct but apparently something is missing or wrong. Any help would be much appreciated!

1
adfsadfs2.0adfs2.1

1 Answers

0
votes

The normal reason for this is that the WIF realm in the app. web.config does not match the string in the ADFS RP Identifiers tab.

And that includes the trailing slash!

You have:

http://myserver.com/MyApplication in ADFS

Did you configure it as:

http://myserver.com/MyApplication/ in WIF?