Channel: Claims based access platform (CBA), code-named Geneva forum

ADFS as IdP and SP


Hi!

I've created a small home lab just for testing purposes, where I have 2 different domains (compa and compb).

CompA has a DC, ADFS and WEB-server joined to the domain and a WAP outside the domain.
All of CompA's servers are located in subnet 10.10.10.0/24.

CompB has a DC and ADFS joined to the domain and a WAP outside the domain.
All of CompB's servers are located in subnet 10.10.20.0/24.

The domain controllers in each domain are also DNS-servers and I've created conditional forwarders between the domains.

The WEB-server in domain CompA has IIS and Windows Identity Foundation installed and has a simple claim app configured. (https://technet.microsoft.com/en-us/library/dn280939.aspx)

The ADFS and claim-app works perfectly fine in CompA domain.


The problem is that when I try to use the ADFS-server in CompB as a Claim Provider Trust (IdP), so I can access the application in CompA with users from the CompB domain, the ADFS-server in CompB throws an error after the HRD page.

Error from the webpage

An error occurred
An error occurred. Contact your administrator for more information.
Error details
  • Activity ID: 00000000-0000-0000-eb00-0080000000ba
  • Error time: Sat, 07 May 2016 09:48:24 GMT


And if I check the ADFS event log on the ADFS-server in CompB, it has the following error:

Encountered error during federation passive request.
Additional Data
Protocol Name:
wsfed
Relying Party:
http://<federationservicename>/adfs/services/trust
Exception details:
Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'http://fs.compa.se/adfs/services/trust' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
   at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationSignInContext.ValidateCore()
   at Microsoft.IdentityServer.Web.Protocols.ProtocolContext.Validate()
   at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.GetRequiredPipelineBehaviors(ProtocolContext pContext)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.EvaluateHomeRealm(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
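The MSIS7007 event above quotes the relying party identifier that CompB's AD FS could not resolve: the CompA federation service identifier. As an added diagnostic example (not code from the original post), the following PowerShell, run on the CompB AD FS server, lists the configured relying party trusts and checks whether that identifier is among them and enabled. The identifier string is taken from the event text; the variable name and the warning wording are assumptions.

```powershell
# Added example: check whether the relying party identifier named in the
# MSIS7007 event is configured as a Relying Party Trust on this AD FS server.
# Run in an elevated PowerShell session on the CompB AD FS server.
Import-Module ADFS

# Identifier quoted in the MSIS7007 exception (CompA's federation service identifier).
$ExpectedIdentifier = 'http://fs.compa.se/adfs/services/trust'

# List every relying party trust with its identifiers so they can be compared by eye.
Get-AdfsRelyingPartyTrust |
    Select-Object Name, Enabled, @{ n = 'Identifiers'; e = { $_.Identifier -join ', ' } } |
    Format-Table -AutoSize

# Look up the trust by the exact identifier; -Identifier matches any identifier on a trust.
$trust = Get-AdfsRelyingPartyTrust -Identifier $ExpectedIdentifier

if ($null -eq $trust) {
    Write-Warning "No relying party trust with identifier '$ExpectedIdentifier' exists on this server, so CompB AD FS has nothing to issue a token for."
}
elseif (-not $trust.Enabled) {
    Write-Warning "Relying party trust '$($trust.Name)' exists but is disabled."
}
else {
    Write-Output "Relying party trust '$($trust.Name)' is present and enabled; look at its identifier spelling and endpoint configuration next."
}
```

The check maps directly onto the error: MSIS7007 is raised when the wtrealm/identifier sent by the requesting federation service does not match any relying party trust on the AD FS instance handling the request, so a null result here confirms the trust is missing rather than, say, a claim rule or certificate problem.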

