Channel: Claims based access platform (CBA), code-named Geneva forum

ADFS 3.0 and workplace join issue


Hi,

I've got a working ADFS 3.0 server, which I have already configured to support O365 and a CRM 2013 server. Everything is working fine, without any problems. We recently decided to add the workplace join feature to our domain. After configuring the ADFS server and WAP, I can join the workplace, all certificates are issued (I can see the certificate issued by MS-Organization-Access in my personal store), and a new device is visible in Active Directory. The device registration log on the ADFS server confirms successful enrollment:

Successfully enrolled device for user marcin@contoso.com.

As soon as I try to open CRM or log in to O365, I receive an error on the ADFS login page:

An error occurred
The device authentication failed.
Error details
  • Activity ID: 00000000-0000-0000-ae01-0080000000c9
  • Relying party: Microsoft Office 365 Identity Platform
  • Error time: Tue, 24 Jun 2014 16:04:45 GMT
  • Cookie: enabled
  • User agent string: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)

The Admin log on the ADFS server registers error 364:

Encountered error during federation passive request.

Additional Data

Protocol Name:
wsfed

Relying Party:
urn:federation:MicrosoftOnline

Exception details:
Microsoft.IdentityServer.AuthenticationFailedException: MSIS5000: Authentication of the device certificate failed. ---> Microsoft.IdentityServer.Service.SecurityTokenService.DeviceAuthenticationException: MSIS5000: Authentication of the device certificate failed.
   at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.AuthenticateDevice(RequestSecurityToken request, IClaimsPrincipal principal, Boolean isSSORequest)
   at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
   at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
   at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
   at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)

Can somebody help me resolve this problem?

Regards,

Marcin

