Problem with ADFS Sign In Page

  • General discussion

  • I have created a new claims-aware ASP.NET website and added an STS reference to the application; then FederationMetadata.xml is created. Below is the FederationMetadata.xml code. After that I added the claims-aware website as a relying party in ADFS Relying Party Trust. We have chosen the option in ADFS "Enter data about the relying party manually". Next we added a display name in the Specify Display Name section. In the Choose Profile section we chose the ADFS 2.0 profile. Then from the Configure Certificate section we moved to the next option, Configure URL. In the Configure URL section we chose "Enable support for SAML 2.0 SSO service URL". In this option (Enable support for SAML 2.0 SSO service URL) we entered our relying party URL https://localhost/ClaimAwareWebsite3/. In the next step, in the Configure Identifiers section, we added the relying party trust identifier as https://localhost/ClaimAwareWebsite3/. In the next step, in the Choose Issuance Authorization Rules section, we selected the "Permit all users to access this relying party" option. In the next step, from "Ready to Add Trust" (we haven't selected any option in this section) we moved to the next section. Then the Finish section appears with "Open the Edit Claim Rules dialog for this relying party trust when the wizard closes" (the checkbox is checked by default). After moving on from the previous step, an "Edit Claim Rules" section is opened. In that section, on clicking "Add Rule", an "Add Transform Claim Rule Wizard" is opened. In this section, in the "Claim rule template" drop-down we chose "Pass through or Filter an Incoming Claim"; moving on to the next section, in the Claim rule name section we entered "Name" and selected the incoming claim type as "Name". Then, after clicking Finish, our application has been added as a relying party in ADFS. When we run the application, our relying party application opened and then the ADFS Sign In page opened with our relying party application in the drop-down, as shown in the screenshot. After selecting the relying party option we clicked the Continue To Sign In button. When I clicked the Continue To Sign In button I wasn't able to redirect to another page; instead I stayed on the same Sign In page. Can anyone help us with this issue?

    Below is the web.config code of the relying party application:

    <?xml version="1.0"?>
    <!--
        Note: As an alternative to hand editing this file you can use the
        web admin tool to configure settings for your application. Use
        the Website->Asp.Net Configuration option in Visual Studio.
        A full list of settings and comments can be found in
        machine.config.comments usually located in
        \Windows\Microsoft.Net\Framework\v2.x\Config
    -->
    <configuration>
      <configSections>
        <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </configSections>
      <appSettings>
        <add key="FederationMetadataLocation" value="https://DomainName/FederationMetadata/2007-06/FederationMetadata.xml" />
      </appSettings>
      <connectionStrings />
      <location path="FederationMetadata">
        <system.web>
          <authorization>
            <allow users="*" />
          </authorization>
        </system.web>
      </location>
      <system.web>
        <authentication mode="None" />
        <!--
                Set compilation debug="true" to insert debugging
                symbols into the compiled page. Because this
                affects performance, set this value to true only
                during development.
            -->
        <compilation debug="true" targetFramework="4.0">
          <assemblies>
            <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
          </assemblies>
        </compilation>
        <!--
                The <authentication> section enables configuration
                of the security authentication mode used by
                ASP.NET to identify an incoming user.
            -->
        <!--Commented out by FedUtil-->
        <!--<authentication mode="Forms"><forms loginUrl="Login.aspx" protection="All" timeout="30" name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" /></authentication>-->
        <!-- Deny Anonymous users. -->
        <authorization>
          <deny users="?" />
        </authorization>
        <!--
                The <customErrors> section enables configuration
                of what to do if/when an unhandled error occurs
                during the execution of a request. Specifically,
                it enables developers to configure html error pages
                to be displayed in place of a error stack trace.

            <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
                <error statusCode="403" redirect="NoAccess.htm" />
                <error statusCode="404" redirect="FileNotFound.htm" />
            </customErrors>
            -->
        <pages controlRenderingCompatibilityVersion="3.5" />
        <httpRuntime requestValidationType="SampleRequestValidator" />
        <httpModules>
          <add name="ClaimsPrincipalHttpModule" type="Microsoft.IdentityModel.Web.ClaimsPrincipalHttpModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
          <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
          <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        </httpModules>
      </system.web>
      <system.codedom>
      </system.codedom>
      <!--
            The system.webServer section is required for running ASP.NET AJAX under Internet
            Information Services 7.0.  It is not necessary for previous version of IIS.
        -->
      <system.webServer>
        <validation validateIntegratedModeConfiguration="false" />
        <modules>
          <add name="ClaimsPrincipalHttpModule" type="Microsoft.IdentityModel.Web.ClaimsPrincipalHttpModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
          <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
          <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
        </modules>
      </system.webServer>
      <!--
      Uncomment the lines below to enable WIF tracing to: WIFTrace.e2e.
      Open the trace file using the SvcTraceViewer.exe tool (shipped with the WCF SDK available from Microsoft) or a xml viewer.
      Refer to MSDN if you wish to add WCF tracing.
      -->
      <!--<system.diagnostics>
        <sources>
          <source name="Microsoft.IdentityModel" switchValue="Verbose">
            <listeners>
              <add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="WIFTrace.e2e" />
            </listeners>
          </source>
        </sources>
        <trace autoflush="true" />
      </system.diagnostics>-->
      <microsoft.identityModel>
        <service>
          <audienceUris>
            <add value="https://localhost/ClaimsAwareWebSite3/" />
          </audienceUris>
          <federatedAuthentication>
            <wsFederation passiveRedirectEnabled="true" issuer="https://DomainName/adfs/ls/" realm="https://localhost/ClaimsAwareWebSite3/" requireHttps="true" />
            <cookieHandler requireSsl="true" />
          </federatedAuthentication>
          <applicationService>
            <claimTypeRequired>
              <!--Following are the claims offered by STS 'http://DomainName/adfs/services/trust'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
              <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
              <claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" />
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/claims/CommonName" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/claims/EmailAddress" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/claims/Group" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/claims/UPN" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" optional="true" />-->
              <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" optional="true" />-->
              <!--<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" optional="true" />-->
            </claimTypeRequired>
          </applicationService>
          <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
            <trustedIssuers>
              <add thumbprint="85E674D73E2FCD18488732701230F70588F02FD3" name="http://DomainName/adfs/services/trust" />
            </trustedIssuers>
          </issuerNameRegistry>
          <certificateValidation certificateValidationMode="None" />
        </service>
      </microsoft.identityModel>
    </configuration>

    Below is the screenshot of the FederationMetadata and the ADFS sign-in page.

    Can anyone help us in solving this issue?

    • Changed type Srikanth Na Monday, January 9, 2012 2:42 PM
    Friday, January 6, 2012 3:44 PM
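As an added consistency check (example code written for this thread, not from the poster or from Microsoft), the script below parses a constructed excerpt of the web.config above and compares it with a hypothetical record of the ADFS relying party trust as the wizard steps describe it: the realm the WS-Federation module sends must match a trust identifier exactly, the audience must be listed, the WS-Federation module needs a WS-Federation passive endpoint on the trust, and the two hardening attributes are reported. ADFS_TRUST and check_rp_trust are assumed names.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt of the posted web.config: only the WIF <service> elements the check needs.
WEB_CONFIG = """<configuration>
  <microsoft.identityModel>
    <service>
      <audienceUris>
        <add value="https://localhost/ClaimsAwareWebSite3/" />
      </audienceUris>
      <federatedAuthentication>
        <wsFederation passiveRedirectEnabled="true" issuer="https://DomainName/adfs/ls/"
                      realm="https://localhost/ClaimsAwareWebSite3/" requireHttps="true" />
        <cookieHandler requireSsl="true" />
      </federatedAuthentication>
      <certificateValidation certificateValidationMode="None" />
    </service>
  </microsoft.identityModel>
</configuration>"""

# Hypothetical view of the ADFS relying party trust as the wizard steps in the post set it up
# (what an admin would read back on the ADFS server, e.g. with Get-AdfsRelyingPartyTrust).
ADFS_TRUST = {
    "identifiers": ["https://localhost/ClaimAwareWebsite3/"],
    "wsfed_passive_endpoint": None,  # wizard enabled only the SAML 2.0 SSO service URL
    "saml_sso_endpoint": "https://localhost/ClaimAwareWebsite3/",
}

def check_rp_trust(web_config_xml, trust):
    """Return a list of findings; an empty list means web.config and the ADFS trust agree."""
    svc = next(ET.fromstring(web_config_xml).iter("service"))
    wsfed = svc.find("federatedAuthentication/wsFederation")
    realm = wsfed.get("realm")
    audiences = [a.get("value") for a in svc.findall("audienceUris/add")]
    findings = []
    # wtrealm must equal a trust identifier; the comparison is exact, so
    # ClaimAwareWebsite3 and ClaimsAwareWebSite3 are different relying parties to ADFS.
    if realm not in trust["identifiers"]:
        findings.append(f"realm {realm} is not an identifier of the ADFS trust {trust['identifiers']}")
    # WIF rejects a token whose audience is not listed in audienceUris.
    if realm not in audiences:
        findings.append(f"realm {realm} is missing from audienceUris {audiences}")
    # WSFederationAuthenticationModule speaks WS-Federation passive; a SAML 2.0 SSO URL alone
    # does not serve that protocol, so the trust needs the WS-Federation passive endpoint.
    if wsfed.get("passiveRedirectEnabled") == "true" and not trust["wsfed_passive_endpoint"]:
        findings.append("trust has no WS-Federation passive endpoint (only a SAML 2.0 SSO URL)")
    # Hardening: keep HTTPS required and do not deploy with signing-certificate validation off.
    if wsfed.get("requireHttps") != "true":
        findings.append("wsFederation requireHttps is not true")
    if svc.find("certificateValidation").get("certificateValidationMode") == "None":
        findings.append("certificateValidationMode=None: token-signing certificate chain/peer trust is not validated")
    return findings
```

Run against the constructed input it reports the identifier mismatch, the missing WS-Federation passive endpoint and the disabled certificate validation; with those three corrected it returns no findings.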