locked
ADFS 3.0 IE HTTP 400 Bad Request RRS feed

  • Question

  • Hello all,


    We have implemented ADFS 3.0 and try to login its testing page https://domain/adfs/ls/idpinitiatedsignon.aspx by using Internet Explorer. It keeps prompting for credentials and gets HTTP 400 Bad Request as result.

    However, it is working with Firefox.

    And I checked with my computer (Windows 7 Professional) event viewer, it has "The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server Administrator" and I have already checked SPN in server has no duplication.

    Any idea ?

    Thanks a lot !

    Wednesday, April 27, 2016 10:29 AM

All replies

  • Have you added the FQDN or domain name that your ADFS Service Name is part of to the "Local intranet" or "Trusted Sites" in Internet Explorer ?

    For example: sts.mydomainname.com

    Wednesday, April 27, 2016 2:54 PM
  • Have you added the FQDN or domain name that your ADFS Service Name is part of to the "Local intranet" or "Trusted Sites" in Internet Explorer ?

    For example: sts.mydomainname.com

    Yes, we did.

    And we are using Internet Explorer version as below.

    Version 11.0.9600.17633
    Update Versions: 11.0.16 (KB3021952)

    Thursday, April 28, 2016 12:45 AM
  • More information of the server side.

    Windows Server 2012 R2

    ADFS 3.0

    Using Go Daddy Certificate as the Service Communication & tokens

    Thursday, April 28, 2016 1:05 AM
  • Can you share a sanitized Fiddler trace?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, April 28, 2016 6:01 PM
  • Hello, Did you solve the issue? Please share your sulution because we have this same situation.

    Carlos Sanchez

    Thursday, June 30, 2016 10:31 PM
  • The Kerberos error message he got does not indicate a duplicate but that the SPN is probably configured on the wrong account (for example, on the computer account instead of on the service account, or on an another service account). However, it does not explain the 400... So tell us more of your issue, with logs in another thread please :)

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, July 1, 2016 2:51 AM