ADFS & MFA integration issue

  • Question

  • We have an ADFS 3.0 server and MFA Server 7.0.0.9 in an on-premises environment. Below is the design of our infrastructure:

    Server A installed with ADFS 3.0 + MFA server 7.0

    Server B installed with ADFS 3.0 + MFA server 7.0

    Internal ADFS server uses SQL database

    Server C installed with WAP role + user portal & mobile portal

    Server D installed with WAP role + user portal & mobile portal

    Recently we upgraded from MFA Server version 6.2.1 to 7.0. Everything else, like the user portal and mobile portal, is working fine after the upgrade, but the integration of MFA with ADFS is not working.

    We followed the exact same steps mentioned in the article for the upgrade, but it is still not working. Steps performed for the upgrade:

    1) Unchecked the Global Multi-factor Authentication Policies option in ADFS, and then the WindowsAzureMultiFactorAuthentication AdfsAuthenticationProvider component was unregistered using the unregister command

    2) MFA ADFS Adapter 7.0 was installed in the server

    3) Edited the MultiFactorAuthenticationAdfsAdapter.config file as per the requirement

    <ConfigurationData xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <UseWebServiceSdk>true</UseWebServiceSdk>
        <WebServiceSdkUrl>https://abc.xyz.com/MultiFactorAuthWebServiceSdk/pfwssdk.asmx</WebServiceSdkUrl>
        <WebServiceSdkUsername>xyz\serviceaccount</WebServiceSdkUsername>
        <WebServiceSdkPassword>password</WebServiceSdkPassword>
        <WebServiceSdkCertificateThumbprint></WebServiceSdkCertificateThumbprint>
        <AutomaticallyTriggerUserDefaultMethod>false</AutomaticallyTriggerUserDefaultMethod>
    </ConfigurationData>

    4) Edited the Register-MultiFactorAuthenticationAdfsAdapter.ps1 with the configuration file path and executed the register command, then restarted the services. After that, enabled the Azure Multi-factor Authentication server option in the ADFS global authentication policy

    5) After that, enabled the user in the MFA portal and also added the user in the users/groups tab of the Global Authentication policy

    6) Tried to log in to the Office 365 portal and got the error below. Let me know in case anyone has a fix for this issue

    Error details during login to the Office 365 portal

    When trying to access the portal from IE or Google Chrome:

    An error occurred
    An error occurred. Contact your administrator for more information.
    • Activity ID: 4f1-8db8-4b75-997e-159129da
    • Relying party: Microsoft Office 365 Identity Platform
    • Error time: Tue, 19 Jul 2016 1:21:23 GMT
    • Cookie: enabled
    • User agent string: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; MS-RTC LM 8)

    The event below occurs on the ADFS server:

    Encountered error during federation passive request. 

    Additional Data 

    Protocol Name: 
    wsfed 

    Relying Party: 
    urn:federation:MicrosoftOnline 

    Exception details: 
    System.Net.WebException: The request failed with HTTP status 404: Not Found.
       at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
       at pfadfs.pfwssdk.PfWsSdk.CanonicalizeUser(String username, String& canonicalUsername, Error& error)
       at pfadfs.AuthenticationAdapter.IsAvailableForUser(Claim identityClaim, IAuthenticationContext context)
       at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.IsAvailableForUser(Claim identityClaim, IAuthenticationContext authContext)
       at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.ProcessContext(ProtocolContext context, IAuthenticationContext authContext, IAccountStoreUserData userData)
       at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.Process(ProtocolContext context)
       at Microsoft.IdentityServer.Web.Authentication.AuthenticationOptionsHandler.Process(ProtocolContext context)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)


    Tuesday, July 19, 2016 2:28 PM
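
A check for the step 3 configuration, as an added example that is not part of the original post or of the MFA Server tooling: it reads the adapter config and reports the HTTP status that the configured `WebServiceSdkUrl` returns to an unauthenticated request. The function name `Test-MfaAdapterSdkUrl` and the `-ConfigPath` value are assumptions; the element names are the ones in the config shown in the post.

```powershell
# Added example, not from the original post. -ConfigPath is a placeholder for
# the MultiFactorAuthenticationAdfsAdapter.config edited in step 3.
function Test-MfaAdapterSdkUrl {
    param([Parameter(Mandatory = $true)][string]$ConfigPath)

    [xml]$doc = Get-Content -LiteralPath $ConfigPath -Raw
    $cfg = $doc.ConfigurationData
    $findings = @()

    if ("$($cfg.UseWebServiceSdk)".Trim() -ne 'true') {
        $findings += "UseWebServiceSdk is '$($cfg.UseWebServiceSdk)', not 'true'"
    }
    if (-not "$($cfg.WebServiceSdkCertificateThumbprint)".Trim() -and
        -not "$($cfg.WebServiceSdkUsername)".Trim()) {
        $findings += 'Neither a username nor a certificate thumbprint is set'
    }

    $uri = $null
    $url = "$($cfg.WebServiceSdkUrl)".Trim()
    if (-not [Uri]::TryCreate($url, [UriKind]::Absolute, [ref]$uri)) {
        $findings += "WebServiceSdkUrl is not an absolute URL: '$url'"
        return [pscustomobject]@{ Url = $url; HttpStatus = $null; Findings = $findings }
    }
    if ($uri.Scheme -ne 'https') { $findings += 'WebServiceSdkUrl is not https' }

    # Unauthenticated GET: no credentials from the config are sent.
    $status = $null
    try {
        $status = [int](Invoke-WebRequest -Uri $uri -UseBasicParsing).StatusCode
    } catch {
        # Non-2xx responses throw; the response object still carries the status.
        $resp = $_.Exception.Response
        if ($resp) { $status = [int]$resp.StatusCode }
        else { $findings += "No HTTP response: $($_.Exception.Message)" }
    }
    if ($status -eq 404) {
        $findings += 'HTTP 404: same status as the WebException in the ADFS event'
    }

    [pscustomobject]@{ Url = $url; HttpStatus = $status; Findings = $findings }
}

# Test-MfaAdapterSdkUrl -ConfigPath '<path to MultiFactorAuthenticationAdfsAdapter.config>'
```

Running it on both Server A and Server B shows whether each adapter's configured URL returns the 404 seen in the event, without going through an Office 365 sign-in.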