Does ADFS 2.0 support extended validation certificates for encryption?
Hi,
Can you please help me resolve an issue with ADFS 2.0? In fact, I configured ADFS as the IdP for signing and encrypting assertions; I configured the public key of the SP certificate (PingFederate) to encrypt assertions. Besides, the SP uses an extended validation certificate (with the subject serialNumber added in the common name of the certificate), but I got the following error message in the Windows log viewer:
Encountered error during federation passive request.
Additional Data
Exception details:
Microsoft.IdentityServer.Web.AuthorizationFailedException: MSIS7011: Access denied.
   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(HttpSamlRequestMessage httpSamlRequest, SecurityTokenElement onBehalfOf, String& samlpSessionState, String& samlpAuthenticationProvider)
   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSerializedToken(String signOnToken, WSFederationMessage incomingMessage)
   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSecurityToken(SecurityToken securityToken, WSFederationMessage incomingMessage)
   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseForProtocolRequest(FederationPassiveContext federationPassiveContext, SecurityToken securityToken)
   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponse(SecurityToken securityToken)
The event ID: 364
Also, when I configure a classic certificate (without the serialNumber attribute in the common name), I have no problem with the encryption of assertions.
For information, the GeoTrust certificate authority is used by the SP partner to generate the certificate.
Thanks in advance for your help,
Best regards,
Ilyass
Hello,
Please check out:
Best regards,
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.