One of the SPs has requested to disable encryption of the response. I ran the command:
Set-ADFSRelyingPartyTrust -TargetName "RP Name" -EncryptionCertificate $null
It cleared out the Encryption tab in the Relying Party Trust property. Now when I try to log in, after entering my credentials, I get the error: HTTP ERROR 401. Authentication Failed: The username or password you entered is incorrect.
Is this the right way to disable encryption? Is there any alternative way to do it?
Log from event viewer:
Encountered error during federation passive request.
Additional Data
Protocol Name:
wsfed
Relying Party:
urn:federation:MicrosoftOnline
Exception details:
Microsoft.IdentityServer.AuthenticationFailedException: soj200-The user name or password is incorrect ---> System.IdentityModel.Tokens.SecurityTokenValidationException: soj200 ---> System.ComponentModel.Win32Exception: The user name or password is incorrect
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUserHandle(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, SafeCloseHandle& tokenHandle, SafeLsaReturnBufferHandle& profileHandle)
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUserInfo(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String authenticationType, String issuerName)
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUser(String domain, String username, String password, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String issuerName)
at Microsoft.IdentityServer.Service.LocalAccountStores.ActiveDirectory.ActiveDirectoryCpTrustStore.ValidateUser(IAuthenticationContext context)
--- End of inner exception stack trace ---
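
Added example (not part of the original post): PowerShell that summarizes the event text quoted above, showing which relying party the failed request targeted and whether the stack passes through AD credential validation, then lists the encryption state of the matching relying party trusts. `Get-AdfsEventSummary` is a hypothetical helper name, the event text is abridged from the post, and "RP Name" is the placeholder trust name used in the post.

```powershell
# Added example, not from the original post. Get-AdfsEventSummary is a hypothetical helper.
# Event text is abridged from the post (most stack frames omitted).
$eventText = @'
Encountered error during federation passive request.
Additional Data
Protocol Name:
wsfed
Relying Party:
urn:federation:MicrosoftOnline
Exception details:
Microsoft.IdentityServer.AuthenticationFailedException: soj200-The user name or password is incorrect ---> System.IdentityModel.Tokens.SecurityTokenValidationException: soj200 ---> System.ComponentModel.Win32Exception: The user name or password is incorrect
at Microsoft.IdentityServer.Service.LocalAccountStores.ActiveDirectory.ActiveDirectoryCpTrustStore.ValidateUser(IAuthenticationContext context)
'@

function Get-AdfsEventSummary {
    param([Parameter(Mandatory)][string]$Text)
    $lines = @($Text -split '\r?\n' | ForEach-Object { $_.Trim() })
    # In this event layout a "Label:" line carries its value on the next line.
    $valueAfter = {
        param($label)
        $i = [array]::IndexOf($lines, $label)
        if ($i -ge 0 -and $i + 1 -lt $lines.Count) { $lines[$i + 1] }
    }
    $detail = & $valueAfter 'Exception details:'
    # The exception chain reads "Outer ---> Inner ---> Innermost"; keep the type names.
    $chain = @($detail -split '\s*--->\s*' | ForEach-Object { ($_ -split ':', 2)[0].Trim() })
    [pscustomobject]@{
        Protocol       = & $valueAfter 'Protocol Name:'
        RelyingParty   = & $valueAfter 'Relying Party:'
        ExceptionChain = $chain
        FailedAtLogon  = [bool]@($lines -match 'LsaLogonUserHelper|ValidateUser')
    }
}

$summary = Get-AdfsEventSummary -Text $eventText
$summary | Format-List

# On the AD FS server: show the trust that was changed next to the trust named in the event.
if (Get-Command Get-AdfsRelyingPartyTrust -ErrorAction SilentlyContinue) {
    Get-AdfsRelyingPartyTrust |
        Where-Object { $_.Name -eq 'RP Name' -or $_.Identifier -contains $summary.RelyingParty } |
        Select-Object Name, Identifier, EncryptClaims,
            @{ n = 'EncryptionCertThumbprint'; e = { $_.EncryptionCertificate.Thumbprint } }
}
```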