FW: ADFS communication problem
Skylar Hansen
shansen at randolphcollege.edu
Fri Jan 6 18:27:29 GMT 2012
Hi,
I have a similar environment setup. It appears from your error messages,
below, that there is a problem with your ADFS configuration. The URLs look
incorrect.
HTH,
Skylar
------ Forwarded Message
From: giuseppe parisella <gparise2la at gmail.com>
Reply-To: Shib Dev <dev at shibboleth.net>
Date: Fri, 6 Jan 2012 18:25:13 +0100
To: <dev at shibboleth.net>
Subject: ADFS communication problem
Hi,
Sorry for my English. I'm following the guide Federated Collaboration with
Shibboleth 2.0 and SharePoint 2010 Technologies at the site
http://technet.microsoft.com/en-us/library/adfs2-step-by-step-guides%28WS.10%29.aspx.
So I have 3 virtual machines (one for ADFS, one for Shibboleth and
one for SharePoint 2010). I have configured the Shibboleth machine as shown
in the guide and the status is ok (the
https://idmgt-ip0.idmgtext.demo:8443/idp/profile/Status page shows ok). For
the ADFS side, the guide doesn't say anything and so I have followed other
documents on the web. Before configuring the SharePoint side, I have to test
if it's all right and so, from the ADFS machine, I visit
https://sts.idmgt.demo/adfs/ls/IdpInitiatedSignon.aspx (sts.idmgt.demo is
the ADFS machine's alias name) from Internet Explorer and get the
following error message:
There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide
the reference number to identify the problem.
MSIS7012: An error occurred while processing the request. Contact your
administrator for details.
In the Event Viewer there is a Warning
Trust monitoring service detected changes in policy of 'Shibboleth IdP', but
did not automatically apply the changes on the trust partner.
Additional Data
Warnings:
MSIS7524: A 'ArtifactResolutionService' endpoint was ignored because its
binding 'urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding' is not
supported.
MSIS7524: A 'SamlSingleSignOnService' endpoint was ignored because its
binding 'urn:mace:shibboleth:1.0:profiles:AuthnRequest' is not supported.
MSIS7524: A 'SamlSingleSignOnService' endpoint was ignored because its
binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign' is not
supported.
and 4 Errors with EventID=364:
Encountered error during federation passive request.
Additional Data
Exception details:
Microsoft.IdentityServer.Configuration.ReadServiceConfigFailedException: MSIS2001: Configuration service URL is not configured. ---> Microsoft.IdentityServer.PolicyModel.Client.StorageAuthorizationException: ADMIN0120: The client is not authorized to access the endpoint net.tcp://localhost:1500/policy. The client process must be run with elevated administrative privileges.
   at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.SearchWorker(Filter filter, Int32 maxObjects, String[] propertyNames, Boolean firstTry, PropertyFactoryBase propertyFactory)
   at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.Search(Filter filter, Int32 maxObjects, String[] propertyNames, PropertyFactoryBase propertyFactory)
   at Microsoft.IdentityServer.PolicyModel.Client.PolicyManagerBase.Search[T](Filter filter, Int32 maxItems, String[] properties, PropertyFactoryBase propertyFactory)
   at Microsoft.IdentityServer.PolicyModel.Client.PolicyManagerBase.GetItem[T](Filter filter, String[] properties, PropertyFactoryBase propertyFactory)
   at Microsoft.IdentityServer.Configuration.ServiceConfigurationReader.ReadServiceConfiguration()
   --- End of inner exception stack trace ---
   at Microsoft.IdentityServer.Configuration.ServiceConfigurationReader.ReadServiceConfiguration()
   at Microsoft.IdentityServer.Configuration.ServiceConfigurationReader.get_ServiceConfiguration()
   at Microsoft.IdentityServer.Configuration.ServiceConfigurationReader.GetHostNetTcpPort()
   at Microsoft.IdentityServer.Web.PassivePolicyManager..ctor()
   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.GetIssuerFriendlyName()
Microsoft.IdentityServer.PolicyModel.Client.StorageAuthorizationException: ADMIN0120: The client is not authorized to access the endpoint net.tcp://localhost:1500/policy. The client process must be run with elevated administrative privileges.
   at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.SearchWorker(Filter filter, Int32 maxObjects, String[] propertyNames, Boolean firstTry, PropertyFactoryBase propertyFactory)
   at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.Search(Filter filter, Int32 maxObjects, String[] propertyNames, PropertyFactoryBase propertyFactory)
   at Microsoft.IdentityServer.PolicyModel.Client.PolicyManagerBase.Search[T](Filter filter, Int32 maxItems, String[] properties, PropertyFactoryBase propertyFactory)
   at Microsoft.IdentityServer.PolicyModel.Client.PolicyManagerBase.GetItem[T](Filter filter, String[] properties, PropertyFactoryBase propertyFactory)
   at Microsoft.IdentityServer.Configuration.ServiceConfigurationReader.ReadServiceConfiguration()
Is the problem on this machine, or did I get something wrong in the Shibboleth
configuration?
Thanks
------ End of Forwarded Message
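
Added example, not part of the original messages and not Microsoft or Shibboleth code: a Python triage helper for event text like the one quoted above. It lists the endpoints reported as ignored under MSIS7524 and walks the " ---> " exception chain to the innermost error code and its first stack frame. The function names and the condensed sample event are constructed for illustration, and the input is assumed to have its mail-wrapped lines rejoined.

```python
import re

# Constructed sample: event text quoted in this thread, with mail-wrapped
# lines rejoined and the stack trace shortened to two frames.
SAMPLE_EVENT = """\
MSIS7524: A 'ArtifactResolutionService' endpoint was ignored because its binding 'urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding' is not supported.
MSIS7524: A 'SamlSingleSignOnService' endpoint was ignored because its binding 'urn:mace:shibboleth:1.0:profiles:AuthnRequest' is not supported.
MSIS7524: A 'SamlSingleSignOnService' endpoint was ignored because its binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign' is not supported.
Microsoft.IdentityServer.Configuration.ReadServiceConfigFailedException: MSIS2001: Configuration service URL is not configured. ---> Microsoft.IdentityServer.PolicyModel.Client.StorageAuthorizationException: ADMIN0120: The client is not authorized to access the endpoint net.tcp://localhost:1500/policy. The client process must be run with elevated administrative privileges.
   at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.SearchWorker(Filter filter, Int32 maxObjects, String[] propertyNames, Boolean firstTry, PropertyFactoryBase propertyFactory)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityServer.Configuration.ServiceConfigurationReader.ReadServiceConfiguration()
"""

IGNORED_RE = re.compile(
    r"MSIS7524: An? '(\w+)' endpoint was ignored because its binding '([^']+)'")
# One link of an exception chain: "Namespace.TypeException: CODE1234: message"
LINK_RE = re.compile(r"^\s*([\w.]+Exception): ([A-Z]+\d+): (.+?)\s*$")

def ignored_endpoints(text):
    """Return (endpoint type, binding URI) pairs from MSIS7524 warnings."""
    return IGNORED_RE.findall(text)

def exception_chain(text):
    """Return [(type, code, message), ...], outermost exception first.
    .NET prints chained exceptions on one line joined by ' ---> '."""
    for line in text.splitlines():
        if "Exception: " in line and not line.lstrip().startswith("at "):
            links = (LINK_RE.match(part) for part in line.split(" ---> "))
            return [m.groups() for m in links if m]
    return []

def innermost_frames(text):
    """Frames printed before the first 'End of inner exception' marker
    belong to the innermost exception."""
    frames = []
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("--- End of inner exception stack trace"):
            break
        if s.startswith("at "):
            frames.append(s[3:].split("(")[0])
    return frames

def triage(text):
    """Summarise one event: ignored endpoints, outer and innermost codes."""
    chain = exception_chain(text)
    frames = innermost_frames(text)
    return {"ignored": ignored_endpoints(text),
            "outer_code": chain[0][1] if chain else None,
            "root_code": chain[-1][1] if chain else None,
            "root_frame": frames[0] if frames else None}
```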