Tore Veiseth
Jan 04, 2018
Solved

ADFS 4.0 fail to redirect success IDP logon

I have configured AD FS on a Windows 2016 server to authenticate against a national IDP. I get a successful logon from the IDP, but when I return to the ADFS server it fails to redirect to my web site...
  • Pié
    Jan 08, 2018

    Because it fails with the crypto issue, my guess would be:

    1. They are using token encryption

    2. They used the wrong certificate to encrypt the token

    As a result, ADFS cannot parse the SAML structure properly. I have seen that in the past. Many third-party IDPs assume that ADFS is using the same certificate for token signature and token encryption. But that's not the case. Contact them and make them double-check their configuration (ensure they are using the right certificate for the right purpose).
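
One way to test the hypothesis in the reply above against a captured response, as an added example that is not part of the thread and is not ADFS code. It goes slightly beyond the reply by also reporting the unencrypted and unknown-certificate cases. Assumptions: the IdP uses the HTTP-POST binding (base64 `SAMLResponse`), it embeds the recipient certificate in the `EncryptedKey` element, and you supply the thumbprints of the AD FS token-decrypting and token-signing certificates; the function names and sample bytes are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def diagnose(saml_response_b64, decrypting_tp, signing_tp):
    """Report which certificate the IdP encrypted the assertion to."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    encrypted = list(root.iter("{%s}EncryptedAssertion" % NS["saml"]))
    if not encrypted:
        return "not-encrypted"
    used = []
    for assertion in encrypted:
        for key in assertion.iter("{%s}EncryptedKey" % NS["xenc"]):
            for cert in key.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                # A Windows "Thumbprint" is the SHA-1 of the DER-encoded certificate
                used.append(hashlib.sha1(der).hexdigest().upper())
    if not used:
        return "recipient-cert-not-embedded"  # KeyInfo is optional; ask the IdP
    # Thumbprints copied from a certificate dialog may contain spaces or lowercase
    if decrypting_tp.replace(" ", "").upper() in used:
        return "ok"
    if signing_tp.replace(" ", "").upper() in used:
        return "encrypted-to-token-signing-cert"
    return "encrypted-to-unknown-cert"

def build_sample(cert_der):
    """Constructed minimal response; cert_der is stand-in bytes, not a real certificate."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="%(saml)s" xmlns:xenc="%(xenc)s" xmlns:ds="%(ds)s">'
        '<saml:EncryptedAssertion><xenc:EncryptedData><ds:KeyInfo><xenc:EncryptedKey>'
        '<ds:KeyInfo><ds:X509Data><ds:X509Certificate>%(cert)s</ds:X509Certificate>'
        '</ds:X509Data></ds:KeyInfo></xenc:EncryptedKey></ds:KeyInfo>'
        '</xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>'
    ) % dict(NS, cert=base64.b64encode(cert_der).decode())
    return base64.b64encode(xml.encode()).decode()

# Constructed stand-ins for the two AD FS certificates (not real DER)
SIGNING_DER = b"constructed token-signing certificate"
DECRYPTING_DER = b"constructed token-decrypting certificate"
```

A result of `encrypted-to-token-signing-cert` matches the misconfiguration described in the reply: the IdP needs the token-decrypting certificate instead.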
