1
votes

Activity ID: 00000000-0000-0000-4d00-0080000000c0

Error time: Wed, 27 Jul 2016 21:27:20 GMT

Cookie: enabled

User agent string: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.84 Safari/537.36

It seems it is caused by forms-based authentication not being enabled for ADFS. A solution for ADFS 3.0 is available and documented by Microsoft. I could not find a working solution for ADFS 2.0 (forms-based auth configuration) to resolve the above error.

Windows event logs show:

EventID 364

Version 0

Data Saml

Data https://localhost:8443/spring-security-saml2-sample/saml/metadata

Data Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'https://localhost:8443/spring-security-saml2-sample/saml/metadata' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlSignInContext.Validate()
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.GetRequiredPipelineBehaviors(ProtocolContext pContext)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

Any insight will be helpful.


1 Answer

0
votes

Based on what you outputted, it looks like ADFS 3.0. So, https://blogs.msdn.microsoft.com/samueld/2015/06/05/office-modern-auth-adfs-making-it-work/ should help you.

You should not have seen an issue on ADFS 2.0 if it is the same issue unless your ADFS environment is not using the defaults. To change the local authentication type in ADFS 2.x, see http://social.technet.microsoft.com/wiki/contents/articles/1600.ad-fs-2-0-how-to-change-the-local-authentication-type.aspx

Thanks, Sam (@MrADFS)