Login does not work internally

  • Question

  • Hello,

    I have installed an ADFS 3.0 farm to be used with Office 365 services. There are two internal ADFS servers with DNS round robin and one WAP server. A second WAP server will be added later, when a load-balancing solution is set up.

    Everything went smoothly and I am able to access the services from outside the network without any issue. However, when I try to log in from inside the corporate network I am redirected to the ADFS login page, but I receive an error:

    Log In
    Sorry, we cannot log you in.
    An invalid request was received.

    The error is translated from German, so it might be slightly different in English.

    A proxy server is also present in the infrastructure, and I have configured the ADFS service name and the internal server names to bypass the proxy, but I receive the same error.

    Do you have any ideas what I should do to solve this?

    Thanks,

    Best regards!

    Florin

    Later edit:

    I have narrowed down the issue a little: The exact error I receive is: AADSTS51004: To sign into this application the account Account ID== must be added to the Azure AD ID directory

    In ADFS I have the following error: 

    A token request was received for a relying party identified by the key 'urn:federation:MicrosoftOnline', but the request could not be fulfilled because the key does not identify any known relying party trust. 
    Key: urn:federation:MicrosoftOnline 

    This request failed. 

    User Action 
    If this key represents a URI for which a token should be issued, verify that its prefix matches the relying party trust that is configured in the AD FS configuration database.

    Does anybody have any advice?

    Thanks!

    Wednesday, April 26, 2017 6:20 PM

Answers

  • Found the answer.

    Integrated Windows Authentication was configured in the infrastructure. If I tried to log in as a user, the credentials of the logged-on user were sent. ADFS was giving the error because it was expecting a token for another user.

    Thursday, April 27, 2017 4:48 PM
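The two things this thread turns on can be checked directly on an internal AD FS server: whether a relying party trust with the identifier 'urn:federation:MicrosoftOnline' actually exists on the farm (the event in the question says the key matched no trust), and how intranet authentication is configured (the answer found that Integrated Windows Authentication was sending the logged-on user's credentials). The script below is an added example, not part of the original thread; it uses only the AD FS 3.0 cmdlets Get-AdfsRelyingPartyTrust, Get-AdfsGlobalAuthenticationPolicy and Get-AdfsProperties, and assumes it is run in an elevated PowerShell session on one of the internal AD FS servers.

```powershell
# Added example, not from the original post. Run elevated on an internal
# AD FS 3.0 server (the WAP servers do not carry the configuration database).
Import-Module ADFS

$rpId = 'urn:federation:MicrosoftOnline'

# 1. Relying party trust lookup. The event in the question reports that this
#    key does not identify any known relying party trust; this shows what the
#    farm actually has configured and lists every trust if the lookup fails.
$rp = Get-AdfsRelyingPartyTrust -Identifier $rpId
if ($null -eq $rp) {
    Write-Warning "No relying party trust has the identifier '$rpId'."
    Write-Host "Relying party trusts present on this farm:"
    Get-AdfsRelyingPartyTrust | ForEach-Object {
        # Identifier is an array; a trust can carry several identifiers.
        "{0,-40} {1}" -f $_.Name, ($_.Identifier -join ', ')
    }
} else {
    "Trust '{0}' found. Enabled: {1}" -f $rp.Name, $rp.Enabled
}

# 2. Intranet authentication settings. If Windows authentication is the
#    primary intranet provider, a domain-joined browser on the internal network
#    sends the logged-on user's credentials without showing the forms page,
#    which is the behaviour the answer identifies as the cause.
$policy = Get-AdfsGlobalAuthenticationPolicy
"Primary intranet authentication providers: {0}" -f ($policy.PrimaryIntranetAuthenticationProvider -join ', ')

# Only browsers whose user agent matches one of these strings are offered
# Windows authentication; all others fall back to forms-based sign-in.
$props = Get-AdfsProperties
"User agents allowed to use WIA: {0}" -f ($props.WIASupportedUserAgents -join ', ')
```

If the trust lookup succeeds but internal sign-in still lands on the wrong account, the second half of the output is where to look: a browser whose user agent matches WIASupportedUserAgents will never show the forms page on the intranet, so testing with a different account requires a browser outside that list, a non-domain machine, or a farm-wide change with Set-AdfsProperties -WIASupportedUserAgents (which affects every internal user, not just the test).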