locked
Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '16' seconds. Contact your administrator for details. RRS feed

  • Question

  • Having a issue when going thru a 3rd party claims provider Trust

    trying to get into SSO and SharePoint when using only ADFS, relying party trust it works splendid, 

    when using the one from claims provider trust getting the 

    Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '16' seconds. Contact your administrator for details.

    info from the metadata

    <NameIDFormat>
    urn:oasis:names:tc:SAML:2.0:nameid-format:transient
    </NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login001.stockholm.se/affwebservices/public/saml2sso"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login001.stockholm.se/affwebservices/public/saml2sso"/>
    <ns3:Attribute xmlns:ns3="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
    <ns4:Attribute xmlns:ns4="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
    <ns5:Attribute xmlns:ns5="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
    <ns6:Attribute xmlns:ns6="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oid:2.5.4.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
    <ns7:Attribute xmlns:ns7="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oid:2.5.4.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
    <ns8:Attribute xmlns:ns8="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
    <ns9:Attribute xmlns:ns9="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>

    <ns10:Attribute xmlns:ns10="urn:oasis:names:tc:SAML:2.0:assertion" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>

    Monday, March 4, 2019 2:54 PM

All replies

  • It can be different things...

    If the time between the ADFS server and the application is way off, sometimes when the signature is using the wrong certificate, sometimes just one of the identifier has a typo (like a trailing something) or the validity time of the token is too low....

    A Fiddler might help.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, March 5, 2019 12:49 PM