I installed a standalone AD FS 2.0 server running as NetworkService.
I switched the service to run under a domain account since I have not gotten anywhere with my previous post:
http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/8ef9f258-d4e2-4f1d-b4ad-a7f91671b485
Now I always receive the following error while trying to issue tokens:
The Federation Service could not authorize token issuance for the caller 'domain\serviceaccount' on behalf of the subject 'domain\userAccount' to the relying party 'http://fullyqualifiedname/adfs/services/trust'.
Use Windows PowerShell comments for AD FS 2.0 to ensure that the caller is authorized on behalf of the subject to the relying party.
I am guessing that this is referring to 'Delegation Authorization Rules'?
I permitted access to all users for the 'Delegation Authorization Rules' to see if this made a difference.
I still receive the same error every time. I didn't have much faith in this working since I cannot seem to get any Issuance Authorization Rules to work other than 'Permit Access to All Users'.