SymptomsWhen end users attempt to access the Forefront UAG portal, they may receive the following message "A request was received with an incorrect number of identities. Only single identity requests are supported." There may also be an event 159 in the event viewer or the Web Monitor with the description "ADFSv2Site: WSFederationAuthenticationModule in ADFSv2Sites\[trunk_name] has received a request with more than one identity. Only requests with one identity are supported. Session ID: [session_ID]."

Cause—The Federation Service in your organization sends more than one security token for a user, but Forefront UAG can accept only one security token at a time. If the Federation Service in your organization is provided by an AD FS 2.0 server, this cannot occur. However, if you use a custom Federation Service in your organization, it may be configured to send more than one security token for each user.

SolutionIf you are using a custom Federation Service in your organization, make sure that it is configured to send only one security token for each user.