none
"Specified method is not supported." error when trying to log in with ADFS RRS feed

  • Question


  • I have followed the steps in this TechNet blog post and it all seemed to go well until I try to actually log in using ADFS.

    When I navigate to the web application, I am presented with a dropdown to select the credential type. I select ADFS and am sent to the ADFS login page. I enter the correct credentials and am then sent to https://WEB_APPLICATION_HOSTNAME/_trust, and this page displays an ASP.NET yellow screen of death with:

    -----------------------

        Specified method is not supported.
        Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

        Exception Details: System.ServiceModel.FaultException`1[[System.ServiceModel.ExceptionDetail, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]: Specified method is not supported.

        Source Error:

        An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

        Stack Trace:


        [FaultException`1: Specified method is not supported.]
           Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response) +249
           Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) +83
           Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst) +33
           Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties) +1103
           Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf) +72
           Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments) +1859
           Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnSessionSecurityTokenCreated(SessionSecurityTokenCreatedEventArgs eventArgs) +590
           Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(SessionSecurityToken sessionToken, Boolean isSession) +90
           Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request) +701
           Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +323
           Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +138
           System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +215
           System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +97

    -----------------------

    From the appearance of the error, it looks like SharePoint is internally sending a request to the security token service and the latter is responding saying that it's using an invalid SOAP method, but that is just a guess.

    I have tried the steps from this Fiddler blog post to try to route these requests through Fiddler, but Fiddler doesn't capture anything.

    Google searches for this situation aren't turning up anything remotely resembling my situation. What can I do to begin troubleshooting this?

    Below are the ULS logs from the request to the _trust endpoint. Of note, the first line gives me some concern. The Uri here is the URN I added in step 7 of following the TechNet blog post, but it seems to be resulting in some sort of error.

    -----------------------

        SharePoint FoundationGeneraladyrvHighCannot find site lookup info for request Uri urn:*******.
        SharePoint FoundationClaims Authenticationamb82UnexpectedCouldn't find a proper match for user email. User: '********************'.
        SharePoint FoundationClaims Authentication8307CriticalAn exception occurred in ADFS claim provider when calling SPClaimProvider.FillUserKeyForEntity(): Specified method is not supported..
        SharePoint FoundationMonitoringb4lyHighLeaving Monitored Scope (SPClaimProvider.FillUserKeyForEntity()). Execution Time=120.4741
        SharePoint FoundationClaims Authenticationaf3zpUnexpectedSTS Call Claims Saml: Problem getting output claims identity. Exception: 'System.NotSupportedException: Specified method is not supported.     at Microsoft.SharePoint.Administration.Claims.SPTrustedBackedByActiveDirectoryClaimProvider.GetUserKeyForEntity(SPClaim entity)     at Microsoft.SharePoint.Administration.Claims.SPClaimProvider.UserKeyForEntity(SPClaim entity)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaimForTrustedUser(IClaimsIdentity claimsIdentity, SPClaim userIdentityClaim)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity, SPClaim loginClaim)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)     at Microsoft.SharePoint.IdentityModel.SPSessionSecurityTokenCookieValue.Initialize(IClaimsIdentity identity, RequestSecurityToken request, DateTime tokenLifeTime)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.CreateTokenCacheReferenceFromUserId(SPRequestInfo requestInfo, IClaimsIdentity identity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentTokenCacheReferenceClaim(SPRequestInfo requestInfo, IClaimsIdentity identity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentOutputIdentityForRequest(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope)'.
        SharePoint FoundationMonitoringb4lyHighLeaving Monitored Scope (SPSecurityTokenService.GetOutputClaimsIdentity()). Execution Time=121.9425
        SharePoint FoundationClaims Authenticationfo1tMonitorableSTS Call: Failed to issue new security token. Exception: System.NotSupportedException: Specified method is not supported.     at Microsoft.SharePoint.Administration.Claims.SPTrustedBackedByActiveDirectoryClaimProvider.GetUserKeyForEntity(SPClaim entity)     at Microsoft.SharePoint.Administration.Claims.SPClaimProvider.UserKeyForEntity(SPClaim entity)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaimForTrustedUser(IClaimsIdentity claimsIdentity, SPClaim userIdentityClaim)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity, SPClaim loginClaim)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)     at Microsoft.SharePoint.IdentityModel.SPSessionSecurityTokenCookieValue.Initialize(IClaimsIdentity identity, RequestSecurityToken request, DateTime tokenLifeTime)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.CreateTokenCacheReferenceFromUserId(SPRequestInfo requestInfo, IClaimsIdentity identity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentTokenCacheReferenceClaim(SPRequestInfo requestInfo, IClaimsIdentity identity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentOutputIdentityForRequest(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope)     at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.Issue(IClaimsPrincipal principal, RequestSecurityToken request)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.Issue(IClaimsPrincipal principal, RequestSecurityToken request)
        SharePoint FoundationMonitoringb4lyHighLeaving Monitored Scope (SPSecurityTokenService.Issue). Execution Time=125.8951
        SharePoint FoundationTopologyaeaycHigh[Forced due to logging gap, cached @ 11/14/2019 01:19:26.79, Original Level: Verbose] The SecurityTokenServiceHeaderInfo including the correlation ID was added.
        SharePoint FoundationMonitoringb4lyHighLeaving Monitored Scope (ExecuteSecurityTokenServiceOperationCaller:http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue). Execution Time=141.6527
        SharePoint FoundationClaims Authenticationfsq7HighSPSecurityContext: Request for security token failed with exception: System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Specified method is not supported. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is: System.NotSupportedException: Specified method is not supported.    at Microsoft.SharePoint.Administration.Claims.SPTrustedBackedByActiveDirectoryClaimProvider.GetUserKeyForEntity(SPClaim entity)     at Microsoft.SharePoint.Administration.Claims.SPClaimProvider.UserKeyForEntity(SPClaim entity)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaimForTrustedUser(IClaimsIdentity claimsIdentity, SPClaim userIdentityClaim)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity, SPClaim loginClaim)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)     at Microsoft.SharePoint.IdentityModel.SPSessionSecurityTokenCookieValue.Initialize(IClaimsIdentity identity, RequestSecurityToken request, DateTime token...).
        SharePoint FoundationClaims Authentication8306CriticalAn exception occurred when trying to issue security token: Specified method is not supported..
        SharePoint FoundationClaims Authenticationaf3xxUnexpectedClaims Saml Sign-In: Could not get local token for trusted third party token. FaultException: 'System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Specified method is not supported. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is: System.NotSupportedException: Specified method is not supported.    at Microsoft.SharePoint.Administration.Claims.SPTrustedBackedByActiveDirectoryClaimProvider.GetUserKeyForEntity(SPClaim entity)     at Microsoft.SharePoint.Administration.Claims.SPClaimProvider.UserKeyForEntity(SPClaim entity)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaimForTrustedUser(IClaimsIdentity claimsIdentity, SPClaim userIdentityClaim)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity, SPClaim loginClaim)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)     at Microsoft.SharePoint.IdentityModel.SPSessionSecurityTokenCookieValue.Initialize(IClaimsIdentity identity, RequestSecurityToken request, DateTime token...).'. Stack: '   at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf)     at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)'.
        SharePoint FoundationMonitoringb4lyHighLeaving Monitored Scope (SPFederationAuthenticationModule.OnSessionSecurityTokenCreated). Execution Time=143.4391
        SharePoint FoundationMonitoringb4lyHighLeaving Monitored Scope (SPFederationAuthenticationModule.OnAuthenticateRequest::WifCodeCall). Execution Time=161.2515
        SharePoint FoundationMicro Traceuls4HighMicro Trace Tags: 0 adyrv,143 b4ly,0 fsq7,0 af3xx,0 b4ly,0 b4ly



                                 
    • Edited by James Rishe Thursday, November 14, 2019 9:37 AM
    Thursday, November 14, 2019 9:33 AM

Answers

  • Hi James,

    Make sure you meet these needs:

    1.The SharePoint farm has to be at June 2014 CU (or higher) for SharePoint 2013(15.0.4623.1001).

    2.The web applications must be Windows Claims. SAML is not supported on classic.

    3.ADFS must be backed with the same Active Directory used in Windows Claims.

    Refer to the following case, which has a similar error information to yours:

    https://github.com/Yvand/LDAPCP/issues/50

    Best regards

    Itch Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Friday, November 15, 2019 7:43 AM

All replies

  • Hi James,

    Make sure you meet these needs:

    1.The SharePoint farm has to be at June 2014 CU (or higher) for SharePoint 2013(15.0.4623.1001).

    2.The web applications must be Windows Claims. SAML is not supported on classic.

    3.ADFS must be backed with the same Active Directory used in Windows Claims.

    Refer to the following case, which has a similar error information to yours:

    https://github.com/Yvand/LDAPCP/issues/50

    Best regards

    Itch Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Friday, November 15, 2019 7:43 AM
  • Thank you for your reply, and sorry for not getting back to you sooner.

    I'm not sure which CU I had when I went though the process of setting up the ADFS authentication. I did install the latest CU when I ran into issues, and that didn't make any difference, but it may have been the case that I needed to go through the process after installing the CU.

    So that's what I did. I removed the TrustedIdentityTokenIssuer and re-added it. The second time, I tried using a different Identifier Claim (UPN instead of Email), so it's possible that made a difference. In any case, it worked.

    Thanks again for your help.

    Friday, November 29, 2019 9:28 AM