User certificate authentication gets http 500

  • Question

  • Hello,

    In my lab I configured an AD FS 2016 server with a WAP 2016 server in my DMZ. I bound a SAN certificate with adfs.mylab.com and an alternative name certauth.adfs.mylab.com. The certificate is bound to both the ADFS and the WAP server. Only port 443 is opened in my firewall to my WAP and from WAP to ADFS.

    My client connects from external to my WAP. The WAP prompts with the forms authentication page with a link to log on through an X.509 certificate.

    After I click on this, I am asked for a certificate. I click on my user certificate and then the browser does a redirect to certauth.adfs.mylab.com and presents me an HTTP 500 page.

    What goes wrong? What must also be configured?

    Friday, September 8, 2017 1:49 PM

All replies

  • Hi Stefan,

    Not sure if you already resolved this, however, this is what you can do.

    Enable AD FS Tracing in Event Viewer (View -> Show Analytic and Debug logs);

    Reproduce the issue, and look for an error in the events (under Applications and Services logs -> AD FS Tracing).

    Most likely you will find the issue here, e.g.: Event 52: Exception: The remote name could not be resolved: 'certauth.adfs.mylab.com'

    Did you create a DNS entry on the internal forest for certauth.adfs.mylab.com pointed at the internal backend ADFS?

    Just my €0,02

    Monday, February 12, 2018 8:54 PM
  • Hi, do you correctly route/resolve both certauth.adfs.mylab.com and adfs.mylab.com to your ADFS server from the WAP server?

    Martin

    Tuesday, February 13, 2018 7:38 AM
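The two replies above point at the same three things to verify from the WAP: that both host names resolve to the internal AD FS server, that TCP 443 is reachable, and that the certificate presented for the certauth name actually lists it as a SAN. The script below is an added example, not code from the thread; it uses the thread's lab host names, and the AD FS tracing log name is an assumption.

```powershell
# Added diagnostic script (not from the original thread). Run in an elevated
# PowerShell session on the WAP server. Host names are the thread's lab values;
# the tracing log name 'AD FS Tracing/Debug' is an assumption.
$Names = 'adfs.mylab.com', 'certauth.adfs.mylab.com'
$Port  = 443

function Get-TlsCertificate {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Chain validation is skipped on purpose: we only want to see what the server presents.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)   # SNI carries $HostName, as the browser would
        return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }
}

foreach ($n in $Names) {
    # 1. Name resolution from the WAP (the cause suggested in both replies)
    $dns = Resolve-DnsName -Name $n -Type A -ErrorAction SilentlyContinue
    if (-not $dns) { Write-Warning "$n does not resolve from this host"; continue }
    Write-Host "$n -> $($dns.IPAddress -join ', ')"

    # 2. TCP reachability on 443, the only port the thread's firewall allows
    $tnc = Test-NetConnection -ComputerName $n -Port $Port -WarningAction SilentlyContinue
    if (-not $tnc.TcpTestSucceeded) { Write-Warning "TCP $Port to $n failed"; continue }

    # 3. The certificate served for this SNI name must carry the name in its SAN (OID 2.5.29.17)
    $cert = Get-TlsCertificate -HostName $n -Port $Port
    $san  = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }).Format($false)
    if ($san -notmatch [regex]::Escape($n)) {
        Write-Warning "Certificate '$($cert.Subject)' served for $n has no SAN entry for $n (SAN: $san)"
    } else { Write-Host "$n : certificate OK ($($cert.Thumbprint))" }
}

# 4. Errors from AD FS tracing (enable Analytic and Debug logs first, as the first reply describes).
#    Analytic/Debug logs require -Oldest; event 52 is the name-resolution failure quoted above.
Get-WinEvent -LogName 'AD FS Tracing/Debug' -Oldest -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 52 -or $_.LevelDisplayName -eq 'Error' } |
    Select-Object -Last 20 TimeCreated, Id, Message | Format-List
```

A warning from step 1 for certauth.adfs.mylab.com alone reproduces the "remote name could not be resolved" case from the first reply; a warning from step 3 means the binding on the AD FS side is serving a certificate without the certauth name.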