Sharepoint with WAP and ADFS 3.0

  • Question

  • I have set up SharePoint with WAP in Win 2012R2. When I access the externally published URL, it first goes to ADFS (as expected), but then the ADFS page shows "An error occurred".

    More details about the error from the ADFS logs:

    Event ID 511:

    The incoming sign-in request is not allowed due to an invalid Federation Service configuration.  

    Request url: 
     /adfs/ls?version=1.0&action=signin&realm=urn'%'3AAppProxy'%'3Acom&appRealm=7xxxxxxx-xxxx-xxxx-xx80be-000d3axx002bb8&returnUrl=https'%'3A'%'2F'%'2Fxxxxxx.xxxxxx.com'%'2F&client-request-id=xxxxxxx-AD23-0000-08F8-xxxxxxxx

    User Action:
     Examine the Federation Service configuration and take the following actions: 
      Verify that the sign-in request has all the required parameters and is formatted correctly. 
      Verify that a web application proxy relying party trust exists, is enabled, and has identifiers which match the sign-in request parameters. 
      Verify that the target relying party trust object exists, is published through the web application proxy, and has identifiers which match the sign-in request parameters.

    Event ID 364:

    Exception details: 
    Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7009: The request was malformed or not valid. Contact your administrator for details.
       at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.ValidateSignInContext(MSISHttpSignInRequestContext msisContext, WrappedHttpListenerRequest request)
       at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

    Any idea how to solve this?

    Thanks,


    nasayoo

    Friday, June 26, 2015 5:21 PM
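The checks listed under "User Action" in event 511 can be run offline against the logged request URL; the following is an added example, not part of the original thread and not ADFS or WAP code. The function names, the expected-parameter set, the reading of `'%'` as the log's rendering of `%`, and the sample values are assumptions; the trust identifiers and published host names are supplied by you from your own configuration.

```python
from urllib.parse import urlsplit, parse_qs

# Parameters seen in the request logged in event 511 on this page; using them
# as the expected set is an assumption of this example.
EXPECTED_PARAMS = ("version", "action", "realm", "appRealm", "returnUrl")

def parse_logged_request(logged_url):
    """Return the query parameters of a request URL copied from event 511."""
    # Assumption: the event log shows a literal % as '%' (as in the post).
    raw = logged_url.strip().replace("'%'", "%")
    query = parse_qs(urlsplit(raw).query, keep_blank_values=True)
    return {name: values[0] for name, values in query.items()}

def check_request(logged_url, proxy_trust_identifiers, published_hosts):
    """Compare a logged sign-in request with the configuration you supply.

    proxy_trust_identifiers: identifiers of the WAP relying party trust.
    published_hosts: host names of the externally published applications.
    Returns (params, findings); an empty findings list means no mismatch.
    """
    params = parse_logged_request(logged_url)
    findings = [f"missing parameter: {p}" for p in EXPECTED_PARAMS if not params.get(p)]
    realm = params.get("realm")
    if realm and realm not in proxy_trust_identifiers:
        findings.append(f"realm {realm!r} matches no proxy trust identifier")
    return_url = params.get("returnUrl")
    if return_url:
        host = (urlsplit(return_url).hostname or "").lower()
        if host not in {h.lower() for h in published_hosts}:
            findings.append(f"returnUrl host {host!r} is not a published host")
    return params, findings

# Constructed sample modelled on the redacted request in the post.
SAMPLE = ("/adfs/ls?version=1.0&action=signin&realm=urn'%'3AAppProxy'%'3Acom"
          "&appRealm=00000000-0000-0000-0000-000000000000"
          "&returnUrl=https'%'3A'%'2F'%'2Fsharepoint-webapp.demo.com'%'2F")

if __name__ == "__main__":
    params, findings = check_request(
        SAMPLE, ["urn:AppProxy:com"], ["sharepoint-webapp.demo.com"])
    print(params)
    print(findings or "no mismatch found")
```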

Answers

  • Hi Nasayoo,

    As I understand, there is an error in the ADFS page in SharePoint 2013.

    Point the ADFS URL (adfs.demo.com) to the Web Application Proxy. This means you need two public DNS records that point to the Web Application Proxy: adfs.demo.com and sharepoint-webapp.demo.com

    You can simply start with a hosts file entry on your client.

    There is a similar case:

    http://community.spiceworks.com/topic/593638-sharepoint-2013-web-application-proxy

    Best regards,

    Sara Fan


    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    • Proposed as answer by Victoria Xia Tuesday, July 7, 2015 12:35 AM
    • Marked as answer by Victoria Xia Wednesday, July 8, 2015 12:55 AM
    Monday, June 29, 2015 9:11 AM