Tracing ADFS 2016 requests with Fiddler

  • Question

  • I'm trying to trace an OAuth2 flow with Fiddler.

    I've checked the "Decrypt HTTPS traffic" and "Ignore server certificate errors" options in the HTTPS settings, and trusted the Fiddler root certificate.

    I start my application on localhost, through Visual Studio. It's a web application, registered as a server application in ADFS, that accesses a web API in the same application group.

    Without Fiddler everything works, but if I'm running Fiddler, when I try to access the API I get an error saying IDX10804: Unable to retrieve document from: 'https://my.adfs.server/adfs/.well-known/openid-configuration'.

    Is there anything else that I need to do to get a trace with Fiddler?

    Paolo Tedesco - http://cern.ch/idm

    Thursday, November 9, 2017 2:03 PM

All replies

  • Can't repro. Make sure you are not running Fiddler on ADFS.

    When I run Fiddler on a client and try to access the endpoint https://adfs.verenatex.com/adfs/.well-known/openid-configuration it just works no matter if I have Fiddler running or not.

    Can you try to access the endpoint by typing it directly in the address bar?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Sunday, November 12, 2017 7:19 PM
  • Accessing the openid-configuration endpoint directly from the browser, I'm just prompted with a certificate warning, and after I add the certificate to the accepted exceptions it works.

    I guess that what's happening here is that the .NET Core middleware is verifying the certificates in some special way (I added Fiddler's root certificate to the trusted certification authorities) and throws a security exception.

    Thanks for your help, I will check further.

    Paolo Tedesco - http://cern.ch/idm

    Monday, November 13, 2017 9:16 AM