AD FS not issuing token

  • Question

  • Hi, we currently have ADFS on Server 2012 R2 running successfully with Azure for Skype for Business. This is working well and we have no issues. We have recently added a relay trust for a new partner (we're the IdP) in the relationship and they are using a self-written fed service. The relay trust is set up to not use encryption or signing (Encryptclaims set to false and SignedSamlRequestRequired set to false) and they are expecting us to authenticate our user and issue a token with the user's email address, allowing them to log in. The identifier that we have specified in the relay trust (https://xxxxxxx.com) does not have a valid certificate but my understanding is that the identifier isn't validated against, so that's not important. However, when we try to connect to the claims aware app, we are successfully redirected to our own ADFS server, the credentials are entered and we are then redirected to the claims app.

    At this point, we get an error on the claims app server that there is an error with the logon. In the AD FS admin log on our AD FS server, there are 2 errors:

    1 -  Event ID 303 - The federation encountered an error while processing the SAML authentication request - Signature verification failed: MSIS0037 No signature verification certificate error found for issuer https://xxxxxxx.com

    2 - Event ID 364 - Encountered error during federation passive request - Signature verification failed: MSIS0037 No signature verification certificate error found for issuer https://xxxxxxx.com

    As the SAML request is coming to us as unsigned and we're not signing the response, I'm a little confused as to why we're failing on a signing certificate, as it shouldn't come into play.

    Does anyone have any ideas?

    Monday, July 10, 2017 8:13 AM

Answers

  • Did you check if the SignedSAMLRequestRequired is set to false? Run get-adfsproperties and check for the attribute. You can find more information here - https://technet.microsoft.com/en-us/library/ee892323.aspx
    • Marked as answer by grayp65 Thursday, July 13, 2017 1:52 PM
    Thursday, July 13, 2017 7:36 AM
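
An added example (not part of the original thread, and not AD FS code): a Python check that decodes a captured sign-in URL and reports whether the SAMLRequest sent to AD FS carries a signature, and which issuer it names, so the result can be compared with the issuer in Event ID 303/364. It assumes the partner uses the SAML HTTP-Redirect binding; the host names, issuer and signature bytes are constructed sample values, and the function names are hypothetical.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
MAX_XML = 65536  # cap on inflated size, so a hostile request cannot exhaust memory


def inspect_authn_request(url):
    """Return issuer and signature status for an HTTP-Redirect SAMLRequest URL."""
    q = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in q:
        raise ValueError("no SAMLRequest parameter in URL")
    inflater = zlib.decompressobj(-15)  # redirect binding uses raw DEFLATE
    doc = inflater.decompress(base64.b64decode(q["SAMLRequest"][0]), MAX_XML)
    if inflater.unconsumed_tail or b"<!DOCTYPE" in doc:
        raise ValueError("oversized request or DOCTYPE present; refusing to parse")
    root = ET.fromstring(doc)
    return {
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS).strip(),
        # Redirect binding: the signature travels as query parameters.
        "redirect_signed": "Signature" in q and "SigAlg" in q,
        "sig_alg": q.get("SigAlg", [None])[0],
        # POST-style enveloped signature inside the XML itself.
        "embedded_signature": root.find("ds:Signature", NS) is not None,
    }


def build_sample_url(signed):
    """Constructed sample request; every value here is made up for the demo."""
    doc = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
           'Version="2.0" IssueInstant="2017-07-10T08:00:00Z">'
           '<saml:Issuer>https://rp.example.test</saml:Issuer></samlp:AuthnRequest>')
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(doc.encode()) + deflater.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode()}
    if signed:
        params["SigAlg"] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
        params["Signature"] = base64.b64encode(b"constructed-not-real").decode()
    return "https://adfs.example.test/adfs/ls/?" + urlencode(params)


if __name__ == "__main__":
    for signed in (True, False):
        print(inspect_authn_request(build_sample_url(signed)))
```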