ADFS 3.0 Client Authentication Error 1000 - Federation to AzureAD

  • Question

  • At one customer we see ADFS Events 1000 and 111 regarding the Federation between ADFS and AzureAD. Generally the Federation works ok, but we still have some issues.

    The logs tell me that there was a token issuance request *from the client* that cannot be fulfilled.
    So I enabled ADFS Auditing for further information and got some more detail.
    Event 413 again tells me that a token request for AzureAD federation from an application could not be fulfilled - but gives me no idea why it failed.
    So I scanned for correlated events. Here is what I got in chronological order.
    -----
    Event 403 (Client Info & Endpoint)
        Activity ID: 36ff2470-116f-4633-ab0c-8f0849f20450
        Request Details:
        Date And Time: 2018-03-16 13:56:06
        Client IP: 172.17.224.17
        HTTP Method: POST

    Event 431 (Request Detail)
        An active request was received at STS with RST containing:
        Activity ID: 36ff2470-116f-4633-ab0c-8f0849f20450
        RST Details:
        KeySize: -
        KeyType: http://schemas.microsoft.com/idfx/keytype/bearer
        RequestType: http://schemas.microsoft.com/idfx/requesttype/issue
        TokenType: -
        SignatureAlgorithm: -
    Event 410 (more Detail)
        Following request context headers present :    
        Activity ID: 36ff2470-116f-4633-ab0c-8f0849f20450 
        X-MS-Client-Application: -
        X-MS-Client-User-Agent: -
        client-request-id: -
        X-MS-Endpoint-Absolute-Path: /adfs/services/trust/13/windowstransport
        X-MS-Forwarded-Client-IP: -
        X-MS-Proxy: -
    Event 300 (The error - giving me no hint what exactly failed...)
       The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
       Activity ID: 36ff2470-116f-4633-ab0c-8f0849f20450
       Request type: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue
       Additional Data
       Exception details:
       Microsoft.IdentityServer.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details.
       at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult.End(IAsyncResult ar)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.EndProcessCore(IAsyncResult ar, String requestAction, String responseAction, String trustNamespace)

    Event 413 (Summary)
       An error occurred during processing of a token request. The data in this event may have the identity of the caller (application) that made this request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error. 
       Additional Data
       Activity ID: 36ff2470-116f-4633-ab0c-8f0849f20450
       Caller: <ClientName>
       OnBehalfOf user:  -
       ActAs user: -
       Target Relying Party: urn:federation:MicrosoftOnline
       Device identity: -
       Client IP: 172.17.224.17
    -----

    Any idea what exactly is wrong?

    best regards

    Pirmin

    Friday, March 16, 2018 2:11 PM
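
The correlation by Activity ID described in the question, as an added example that is not part of the original post: a Python script that groups exported AD FS event text by Activity ID and collects the endpoint, relying party and MSIS error code for each request. The sample text with its IDs and IP addresses is constructed, and the `failed` rule (event 300 or 413, or any MSIS code) is an assumption based on the events quoted above.

```python
import re
from collections import defaultdict
# Constructed sample in the layout of the question's events (placeholder values).
SAMPLE = """\
Event 403
    Activity ID: 00000000-0000-0000-0000-000000000001
    Client IP: 192.0.2.10
Event 410
    Activity ID: 00000000-0000-0000-0000-000000000001
    X-MS-Endpoint-Absolute-Path: /adfs/services/trust/13/windowstransport
    X-MS-Proxy: -
Event 300
    Activity ID: 00000000-0000-0000-0000-000000000001
    Microsoft.IdentityServer.RequestFailedException: MSIS7012: An error occurred while processing the request.
Event 413
    Activity ID: 00000000-0000-0000-0000-000000000001
    Target Relying Party: urn:federation:MicrosoftOnline
Event 403
    Activity ID: 00000000-0000-0000-0000-000000000002
"""

EVENT_RE = re.compile(r"^\s*Event (\d+)\b")
FIELD_RE = re.compile(r"^\s*([\w.\- ]+?):\s+(.*\S)\s*$")
MSIS_RE = re.compile(r"\bMSIS\d+\b")

def correlate(text):
    """Group events by Activity ID; return {activity_id: summary dict}."""
    events, current = [], None
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            current = {"id": int(m.group(1)), "fields": {}, "codes": []}
            events.append(current)
        elif current is not None:
            current["codes"] += MSIS_RE.findall(line)
            f = FIELD_RE.match(line)
            if f and f.group(2) != "-":      # "-" means the field was empty
                current["fields"].setdefault(f.group(1), f.group(2))
    out = defaultdict(lambda: {"events": [], "fields": {}, "codes": []})
    for ev in events:
        s = out[ev["fields"].get("Activity ID", "unknown")]
        s["events"].append(ev["id"])
        s["codes"] += ev["codes"]
        for k, v in ev["fields"].items():    # first non-empty value wins
            s["fields"].setdefault(k, v)
    return dict(out)

def failed(summary):  # assumption: event 300/413 or any MSIS code marks a failure
    return bool(summary["codes"]) or bool({300, 413} & set(summary["events"]))
```

Calling `correlate()` on a text export of the audit events returns one summary per request, so failed requests can be compared by endpoint and relying party.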

All replies

  • Hello Pirmin,

    do you have any updates on your issue? I have a customer with the same errors, but everything is working fine...

    Tuesday, June 12, 2018 7:40 AM