At one customer we see ADFS Events 1000 and 111 regarding the federation between ADFS and AzureAD. Generally the federation works OK, but we still have some issues.
The logs tell me that there was a token issuance request *from the client* that cannot be fulfilled.
So I enabled ADFS auditing to look further and got some more detail.
Event 413 again tells me that a token request for the AzureAD federation from an application could not be fulfilled, but gives me no idea why it failed.
So I scanned for correlated events. Here is what I got in chronological order.
-----
Event 403 (Client Info & Endpoint)
Activity ID: 36ff2470-116f-4633-ab0c-8f0849f20450
Request Details:
Date And Time: 2018-03-16 13:56:06
Client IP: 172.17.224.17
HTTP Method: POST
Event 431 (Request Detail)
An active request was received at STS with RST containing:
Activity ID: 36ff2470-116f-4633-ab0c-8f0849f20450
RST Details:
KeySize: -
KeyType: http://schemas.microsoft.com/idfx/keytype/bearer
RequestType: http://schemas.microsoft.com/idfx/requesttype/issue
TokenType: -
SignatureAlgorithm: -
Event 410 (more Detail)
Following request context headers present :
Activity ID: 36ff2470-116f-4633-ab0c-8f0849f20450
X-MS-Client-Application: -
X-MS-Client-User-Agent: -
client-request-id: -
X-MS-Endpoint-Absolute-Path: /adfs/services/trust/13/windowstransport
X-MS-Forwarded-Client-IP: -
X-MS-Proxy: -
Event 300 (The error - giving me no hint what exactly failed...)
The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
Activity ID: 36ff2470-116f-4633-ab0c-8f0849f20450
Request type: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue
Additional Data
Exception details:
Microsoft.IdentityServer.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details.
at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult.End(IAsyncResult ar)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.EndProcessCore(IAsyncResult ar, String requestAction, String responseAction, String trustNamespace)
Event 413 (Summary)
An error occurred during processing of a token request. The data in this event may have the identity of the caller (application) that made this request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error.
Additional Data
Activity ID: 36ff2470-116f-4633-ab0c-8f0849f20450
Caller: <ClientName>
OnBehalfOf user: -
ActAs user: -
Target Relying Party: urn:federation:MicrosoftOnline
Device identity: -
Client IP: 172.17.224.17
-----
Any idea what exactly is wrong?
best regards
Pirmin
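
The correlation step described in the post (collecting every event that shares one Activity ID) can be scripted over an exported event dump. The following is an added example, not part of the original post; the `Event NNN (...)` header layout, the abridged sample and the function name `correlate` are assumptions modelled on the listing above.

```python
import re

# Constructed, abridged sample in the layout used in the post above.
SAMPLE = """\
Event 403 (Client Info & Endpoint)
Activity ID: 36ff2470-116f-4633-ab0c-8f0849f20450
Client IP: 172.17.224.17
Event 410 (more Detail)
Activity ID: 36ff2470-116f-4633-ab0c-8f0849f20450
X-MS-Endpoint-Absolute-Path: /adfs/services/trust/13/windowstransport
X-MS-Proxy: -
Event 300 (The error)
Activity ID: 36ff2470-116f-4633-ab0c-8f0849f20450
Microsoft.IdentityServer.RequestFailedException: MSIS7012: An error occurred
Event 413 (Summary)
Activity ID: 36ff2470-116f-4633-ab0c-8f0849f20450
Caller: <ClientName>
Target Relying Party: urn:federation:MicrosoftOnline
Client IP: 172.17.224.17
"""

EVENT_HEADER = re.compile(r"^Event (\d+)\b")
FIELD = re.compile(r"^([A-Za-z][\w -]*?):\s+(\S.*)$")   # "Name: value" lines
MSIS_CODE = re.compile(r"\bMSIS\d+\b")                  # AD FS error codes

def correlate(text):
    """Group events by Activity ID; return {activity_id: summary}."""
    blocks = []                      # [(event_id, [lines])]
    for line in map(str.strip, text.splitlines()):
        header = EVENT_HEADER.match(line)
        if header:
            blocks.append((int(header.group(1)), []))
        elif blocks:
            blocks[-1][1].append(line)
    requests = {}
    for event_id, lines in blocks:
        fields = dict(m.groups() for m in map(FIELD.match, lines) if m)
        activity = fields.pop("Activity ID", None)
        if activity is None:
            continue                 # nothing to correlate on
        req = requests.setdefault(activity, {"events": [], "fields": {}, "errors": []})
        req["events"].append(event_id)
        for key, value in fields.items():
            if value != "-":         # "-" marks an empty field in the event
                req["fields"].setdefault(key, value)
        req["errors"] += [c for l in lines for c in MSIS_CODE.findall(l)]
    return requests
```

Each summary then shows the event sequence, the endpoint, the caller, the relying party and any MSIS error code for one request, so failing requests can be compared by endpoint or caller.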