SharePoint ADFS login redirects back and forth

  • Question

  • Hi, we are observing a weird issue where, when we try to log in, it goes back and forth and at last it breaks with the following error message.

    Encountered error during federation passive request.

    Additional Data

    Protocol Name: wsfed

    Relying Party: urn:sharepoint:extradev

    Exception details:

    Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '6' seconds. Contact your administrator for details.

    I have checked the Trusted Identity token issuer configuration and it all looks good to me, including realm and urn part.

    Can any one of you please suggest what could be wrong and how I can resolve this?

    Thursday, September 12, 2019 9:49 AM

All replies

  • Hiya,

    This is typically because there is a mismatch in cookie timeout values between ADFS and the target application. 

    Basically ADFS is OK, but the client application is not, or the reverse :)

    If you log on from a clean browser, one that has not accessed the solution, in InPrivate/Incognito mode, do you still experience this issue?

    Friday, September 13, 2019 7:13 AM
  • A fiddler trace might help here too if you don't mind sharing a sanitized trace :) (without passwords)

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, September 13, 2019 1:11 PM
  • Hi, 

    Thanks for the reply. Yes, I have tried in a totally fresh browser, even in an incognito/InPrivate session too, but the issue remains the same.

    Yes, I too believe at the ADFS side things are okay!

    Any other thing I can try?

    Thanks.

    Monday, September 16, 2019 7:45 AM
  • You need to make sure that your token lifetimes are matching.

    This article explains very well how to find out:

    https://blogs.msdn.microsoft.com/jesusfer/2015/08/27/sharepoint-2013-authentication-lifetime-settings/

    Also make sure that there are no cookies present on the computer you are testing from.

    Monday, September 16, 2019 8:18 AM
  • Just to give more detail here. 

    We only observe the issue for partner account logins; for internal user account logins it works well.

    Please have a look at the link below; it has a log picture.

    https://drive.google.com/file/d/11v_FibaTLD9sUluchNMoqJRjxzEBShqx/view

    The confusing part is, why is trust appended at the end of the source? For internal user login nothing is appended at the source and authentication works. Please help. Thanks.

    Monday, September 16, 2019 9:55 AM
  • Hi, I hope below helps, thanks.

    https://drive.google.com/file/d/11v_FibaTLD9sUluchNMoqJRjxzEBShqx/view

    Monday, September 16, 2019 10:01 AM
  • How is traffic routed, internal vs. external? Just in terms of DNS and role.

    Like Client request -> WAP -> ADFS -> SharePoint or similar?

    Monday, September 16, 2019 4:21 PM
  • Hi - Thanks for all your prompt responses.

    We have figured out the issue: claim rules for partner login at ADFS were missing, and adding them resolved the issue.

    Thanks.

    Friday, September 20, 2019 11:29 AM
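An added example, not code from any poster in this thread: it checks the two causes raised above, the token lifetime mismatch and missing claim rules for one identity source. The thread does not say which rules were missing, so the script only lists what is configured; the `60` in part 2 is a placeholder for the value part 1 prints.

```powershell
# Part 1: run on an AD FS server (AD FS PowerShell module).
$rpId = 'urn:sharepoint:extradev'   # relying party from the error in the thread
$rp   = Get-AdfsRelyingPartyTrust -Identifier $rpId
if (-not $rp) { throw "No relying party trust with identifier $rpId" }

# TokenLifetime is in minutes; 0 means the AD FS default of 60 minutes.
$adfsMinutes = if ($rp.TokenLifetime -eq 0) { 60 } else { $rp.TokenLifetime }
"AD FS token lifetime for ${rpId}: $adfsMinutes min"

# Issuance rules on the relying party: the claims AD FS sends to SharePoint.
"--- Issuance transform rules for $rpId ---"
$rp.IssuanceTransformRules

# Acceptance rules per claims provider: the claims AD FS keeps from each
# identity source. A provider with zero rules passes no claims through, so
# users from that source reach SharePoint without an identity claim.
Get-AdfsClaimsProviderTrust | ForEach-Object {
    # Each claim rule contains exactly one '=>' (heuristic rule count).
    $count = ([regex]::Matches([string]$_.AcceptanceTransformRules, '=>')).Count
    [pscustomobject]@{ Provider = $_.Name; Enabled = $_.Enabled; AcceptanceRules = $count }
} | Format-Table -AutoSize

# Part 2: run in the SharePoint Management Shell on a farm server.
$adfsMinutes = 60   # placeholder: replace with the value printed by part 1

$sts = Get-SPSecurityTokenServiceConfig
$windowMinutes = $sts.LogonTokenCacheExpirationWindow.TotalMinutes
"SharePoint LogonTokenCacheExpirationWindow: $windowMinutes min"

# The identity claim type each trusted issuer expects in the incoming token.
# Compare it with the claim types issued by the rules listed in part 1.
Get-SPTrustedIdentityTokenIssuer | ForEach-Object {
    [pscustomobject]@{
        Issuer        = $_.Name
        Realm         = $_.DefaultProviderRealm
        IdentityClaim = $_.IdentityClaimTypeInformation.InputClaimType
    }
} | Format-Table -AutoSize

# SharePoint treats a token as expired once its remaining lifetime is inside
# the expiration window, so a lifetime at or below the window is rejected on
# arrival and the browser is sent straight back to AD FS.
if ($adfsMinutes -le $windowMinutes) {
    Write-Warning "Token lifetime ($adfsMinutes min) <= expiration window ($windowMinutes min): redirect loop expected."
} else {
    "Lifetimes OK: token outlives the expiration window."
}
```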
  • Good, so it is fixed now? Do you mind sharing the modifications you have made to mark this thread as resolved? Thanks!

    Friday, September 20, 2019 5:42 PM