Disabling Encryption

  • Question

  • One of the SPs has requested to disable encryption of the response. I ran the command: 

    Set-ADFSRelyingPartyTrust -TargetName "RP Name" -EncryptionCertificate $null

    It cleared out the Encryption tab in the Relying Party Trust property. Now when I am trying to log in, after entering my credentials, I am getting the error: HTTP ERROR 401. Authentication Failed: The username or password you entered is incorrect. 

    Is this the right way to disable encryption? Is there any alternative way to do it? Log from event viewer:

    Encountered error during federation passive request. 

    Additional Data 

    Protocol Name: 
    wsfed 

    Relying Party: 
    urn:federation:MicrosoftOnline 

    Exception details: 
    Microsoft.IdentityServer.AuthenticationFailedException: soj200-The user name or password is incorrect ---> System.IdentityModel.Tokens.SecurityTokenValidationException: soj200 ---> System.ComponentModel.Win32Exception: The user name or password is incorrect
       at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUserHandle(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, SafeCloseHandle& tokenHandle, SafeLsaReturnBufferHandle& profileHandle)
       at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUserInfo(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String authenticationType, String issuerName)
       at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUser(String domain, String username, String password, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String issuerName)
       at Microsoft.IdentityServer.Service.LocalAccountStores.ActiveDirectory.ActiveDirectoryCpTrustStore.ValidateUser(IAuthenticationContext context)
       --- End of inner exception stack trace ---

    Monday, October 1, 2018 4:28 PM

All replies

  • I do this by just removing the encryption certificate in the RP wizard.

    Monday, October 1, 2018 6:13 PM
  • I don't think the error message you see is related to your disabling the encryption.

    Can you expand a bit on your test protocol? 



    Tuesday, October 2, 2018 1:46 PM
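
An added example, not part of the thread: a PowerShell function that pulls the protocol, relying party identifier, exception chain and stack frames out of an AD FS event like the one in the question, so the relying party and the failing component can be compared with the trust that was changed. `Get-AdfsEventSummary` is a hypothetical helper name, and the sample text is the question's event trimmed to the lines the parser reads.

```powershell
# Event text from the question, trimmed to the lines the parser reads.
$eventText = @'
Encountered error during federation passive request.
Protocol Name:
wsfed
Relying Party:
urn:federation:MicrosoftOnline
Exception details:
Microsoft.IdentityServer.AuthenticationFailedException: soj200-The user name or password is incorrect ---> System.IdentityModel.Tokens.SecurityTokenValidationException: soj200 ---> System.ComponentModel.Win32Exception: The user name or password is incorrect
   at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUserHandle(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, SafeCloseHandle& tokenHandle, SafeLsaReturnBufferHandle& profileHandle)
   at Microsoft.IdentityServer.Service.LocalAccountStores.ActiveDirectory.ActiveDirectoryCpTrustStore.ValidateUser(IAuthenticationContext context)
'@

function Get-AdfsEventSummary {   # hypothetical helper, not an AD FS cmdlet
    param([Parameter(Mandatory)][string]$Text)

    # A "Label:" line is followed by its value on the next non-empty line.
    $value = {
        param($label)
        $pattern = '(?m)^\s*{0}:\s+(\S.*?)\s*$' -f [regex]::Escape($label)
        $m = [regex]::Match($Text, $pattern)
        if ($m.Success) { $m.Groups[1].Value } else { $null }
    }

    # Exception type names, outermost first (each is followed by ':').
    $types  = @([regex]::Matches($Text, '[A-Za-z_][\w.]*Exception(?=:)') |
                ForEach-Object { $_.Value })
    # Fully qualified method names from the "at ..." stack frames.
    $frames = @([regex]::Matches($Text, '(?m)^\s*at\s+([\w.]+)\(') |
                ForEach-Object { $_.Groups[1].Value })

    # Assumption from the frame names: LsaLogonUserHelper and
    # ActiveDirectoryCpTrustStore.ValidateUser run while the user's
    # credentials are being checked against Active Directory.
    $credCheck = [bool]($frames -match 'LsaLogonUserHelper|ActiveDirectoryCpTrustStore\.ValidateUser')

    [pscustomobject]@{
        Protocol           = & $value 'Protocol Name'
        RelyingParty       = & $value 'Relying Party'
        InnermostException = $types[-1]
        TopFrame           = $frames[0]
        InCredentialCheck  = $credCheck
    }
}

Get-AdfsEventSummary -Text $eventText | Format-List

# On the AD FS server, compare RelyingParty above with the edited trust:
# Get-AdfsRelyingPartyTrust -Name "RP Name" | Select-Object Name, Identifier, EncryptionCertificate
```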