[IdP] Help with IdP error upon log in

Forge Component
Published on 4 Jul by Telmo Martins
25 votes

Hi,

Just want to ask how to resolve the error below in my IdP. I just followed the PDF instructions on how to configure IdP. I don't have any background with SAML and ADFS, so I just basically followed the PDF.



Hi Chan,


You must check with your IdP server admin what caused the error (i.e., a detailed error).

Can be some missing configuration on IdP connector or IdP server.


Regards,

Hi Telmo,

Here's the detailed error I got from our IdP server admin.


Log Name: AD FS/Admin

Source: AD FS

Date: 9/25/2017 3:55:53 PM

Event ID: 364

Task Category: None

Level: Error

Keywords: AD FS

User: ****

Computer: *****

Description:

Encountered error during federation passive request.

Additional Data

Exception details:

Microsoft.IdentityServer.Web.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> System.ServiceModel.FaultException

at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClientManager.ProcessRequest(Message request)

at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.ProcessRequest[T](MSISSamlRequest samlRequest)

at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.CreateErrorMessage(HttpSamlMessage httpSamlMessage, SamlStatus status)

at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SendSamlError(SamlStatus status)

--- End of inner exception stack trace ---

at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SendSamlError(SamlStatus status)

System.ServiceModel.FaultException

at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClientManager.ProcessRequest(Message request)

at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.ProcessRequest[T](MSISSamlRequest samlRequest)

at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.CreateErrorMessage(HttpSamlMessage httpSamlMessage, SamlStatus status)

at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SendSamlError(SamlStatus status)


Thanks,

Chan

You have to dig deeper into event-log and such, because this stack-trace is too small.

You should be able to get more info by actually asking the administrator.

It could be anything..


Hi Telmo,

But does this mean that my configuration in IdP is correct and there's rather an issue in the IdP Server?


Thanks

Hi Chan,

Actually no.

Can be an issue caused by the connector or IdP server.

The IdP server admin should provide information regarding that and why the IdP server could not process the request.

The reason for the error can be anything... a bad request caused by missing configuration on the connector... a missing configuration on IdP server, etc etc.


Regards.

Telmo Martins wrote:

Hi Chan,

Actually no.

Can be an issue caused by the connector or IdP server.

The IdP server admin should provide information regarding that and why the IdP server could not process the request.

The reason for the error can be anything... a bad request caused by missing configuration on the connector... a missing configuration on IdP server, etc etc.


Regards.


Hi Telmo,

Can you help me where I can find the specific error? Coz the administrator doesn't know where to find the error too. I'm blinded now as I have no experience in SAML as well as in ADFS. Thank you very much for your very responsive answers.


Regards

Hi Chan,

Unfortunately I'm not aware of ADFS administration details and how to manage it from an administrative perspective.

The error occurs only after you enter your credentials on the ADFS login page, or as soon as you are redirected to the ADFS login page?

Regards.

Telmo Martins wrote:

Hi Chan,

Unfortunately I'm not aware of ADFS administration details and how to manage it from an administrative perspective.

The error occurs only after you enter your credentials on the ADFS login page, or as soon as you are redirected to the ADFS login page?

Regards.


Hi Telmo,

The error occurs after I enter the credentials on the ADFS login page.


Regards.

Hi Chan,

In that case just confirm on IdP connector pages, under SAML -> Messages, if the Authn message is logged and if the SAML XML looks fine. If all seems good, most probably it's a missing/wrong configuration on ADFS.

Regards.
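
One way to do the "SAML XML looks fine" check from the last reply, as an added example that is not part of the thread or of the IdP component: it takes the AuthnRequest copied from SAML -> Messages (or the `SAMLRequest` value from the redirect URL) and checks the fields an IdP compares with what it has registered for the service provider. The hosts, the `/acs` path and the expected issuer and destination values are hypothetical; substitute your own.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample request (hypothetical hosts), with two deliberate mistakes.
SAMPLE = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1b2c3" Version="2.0" '
    'IssueInstant="2017-09-25T15:55:00Z" Destination="https://adfs.example.com/adfs/ls/" '
    'AssertionConsumerServiceURL="http://app.example.com/acs">'
    '<saml:Issuer>https://app.example.com/wrong</saml:Issuer></samlp:AuthnRequest>')

def decode_redirect_binding(saml_request):
    """Decode a SAMLRequest query value: URL-decoding, base64, then raw DEFLATE."""
    return zlib.decompress(base64.b64decode(unquote(saml_request)), -15).decode("utf-8")

def check_authn_request(xml_text, expected_issuer, expected_destination):
    """Return a list of problems; an empty list means the request looks fine."""
    try:
        # Input is your own connector's log; use defusedxml for untrusted XML.
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        return ["root element is %s, not samlp:AuthnRequest" % root.tag]
    problems = []
    for attr in ("ID", "IssueInstant"):
        if not root.get(attr):
            problems.append("missing required attribute " + attr)
    if root.get("Version") != "2.0":
        problems.append("Version must be 2.0")
    issuer = root.find("saml:Issuer", NS)
    if issuer is None or (issuer.text or "").strip() != expected_issuer:
        problems.append("Issuer does not match the identifier registered at the IdP")
    dest = root.get("Destination")
    if dest is not None and dest != expected_destination:
        problems.append("Destination is not the IdP sign-on URL")
    acs = root.get("AssertionConsumerServiceURL")
    if acs is not None and not acs.startswith("https://"):
        problems.append("AssertionConsumerServiceURL is not https")
    return problems

if __name__ == "__main__":
    for p in check_authn_request(SAMPLE, "https://app.example.com",
                                 "https://adfs.example.com/adfs/ls/"):
        print("PROBLEM:", p)
```

An empty result only says the request is structurally sound and matches the values you passed in; the IdP server's own event log remains the authority on why it rejected a request.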