Channel: Claims based access platform (CBA), code-named Geneva forum

ADFS2.0 SAML2.0 Issues


I have a simple ASP.NET Web Forms Application. I have configured the "Identity and Access" to use a business provided identity provider. The application points to an ADFS instance configured in a Windows Server 2012 VM on Azure. The application is also deployed in a different VM on Azure. Then the ADFS 2.0 has been configured with a claims provider. The claims provider in this case is a Ping Federate server which supports the SAML 2.0 protocol, and this Ping Federate server is deployed inside my organization. The ADFS 2.0 is also configured with the relying party details, which is primarily my ASP.NET Web Forms Application. My Ping Federate is also configured successfully.

After all the configurations, when I log into the application, it successfully forwards to the ADFS login page. Once I choose the identity provider in the ADFS login page, it forwards the request to the Ping Federate SSO page. Once I provide my user ID and password and submit, it appears like it successfully authenticates the user and redirects to the page https://${adfsserver}/adfs/ls/ and displays the below error message.

"There was a problem accessing the site. Try to browse to the site again. If the problem persists, contact the administrator of this site and provide the reference number to identify the problem. Authentication failed. Close the browser and try again, or contact your administrator for more information. Reference number: 539b40f5-f05f-4fd2-9f0f-37e2aef3ae7f"

The detailed error log in the Error Viewer for the above reference number is as below.

Encountered error during federation passive request.

Exception details:

Microsoft.IdentityServer.Protocols.Saml.SamlException: MSIS7012: An error occurred while processing the request. Contact your administrator for details.

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseForProtocolResponse(FederationPassiveContext federationPassiveContext)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponse(SecurityToken securityToken)

I am clueless now, since the description does not reveal anything. Based on some amount of googling, I tried to change the hash algorithm at ADFS from SHA-256 to SHA-1, which resulted in a different kind of error.

Any help on this is greatly appreciated.

1. What could be the potential problem?

2. How can I configure ADFS to log additional information?

Thanks a lot

