Hello all,
I have a new ADFS 3 farm which I'm using for a range of internal services. It's running great, but I'm now trying to also introduce our SP-initiated SSO for Zscaler.com. It's failing out with 400 errors all the time.
I discussed with Zscaler support and they set it up in a lab and got it to work. They told me I should modify my ADFS service account to include an http/myfarmfqdn entry.
I reviewed the SPN entries for my service account and I see it was correctly provisioned with
host/myfarmfqdn
but no mention of
http/myfarmfqdn
which I then added. However, I still get 400 errors on accessing.
I've built internal test sites and they are all working. Very tricky to solve, and I can't find much about it online except suggestions saying to do exactly the above.