Forum Discussion
Federation Issues - No protocol handlers?
- Dec 09, 2024
I'm running into the same issue with v2.4.27.0 of Entra Connect. v2.3.8.0 works fine.
Thanks for the tips and direction of troubleshooting, VasilMichev. I have identified the issue in further detail after manually configuring the RPT without success.
It looks like some of the components on the redirection URL are missing - wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline. When I add them back into the URL internally, I can authenticate and redirect back to M365 as expected. I can auth externally through the WAP when I do this, but it gets stuck in a loop; I'm thinking the WAP doesn't like me modifying the URL on the fly.
Not sure why this isn't provided in the redirection from M365 as expected. I'm guessing without this, the query won't hit the RPT and you end up with the same error as if you went straight to /adfs/ls. Might be a service side thing, maybe for recently federated tenants; still looking to see what I can dig up on this.
An example of the before URL - https://adfs.domain.com/adfs/ls/?wctx=LoginOptions%3D3%26&cbcxt=&username=test.user%40domain.com&mkt=en-US&lc=
An example of the after URL - https://adfs.domain.com/adfs/ls/?wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26&cbcxt=&username=test.user%40domain.com&mkt=en-US&lc=
Interesting. Are you certain it's M365 that's not providing the parameters? It might also be something on the WAP side. In fact, have you tried this without WAP - the fewer moving parts involved, the better.
On M365 side, are you getting the same experience regardless of which workload you initiate the login from? I.e. do you have the same experience when accessing the "home" page vs OWA vs SharePoint or any other "passive" one? If the issue is on M365 side, it would be nice to understand whether it's purely on Entra side, or dependent on the resource.
In any case, might want to open a service request for this one. I tried pinging some folks, hoping to get additional info, but no dice :(
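A check for the symptom discussed in this thread, as an added example that is not part of any post: it parses an /adfs/ls/ URL and reports whether the WS-Federation sign-in parameters wa and wtrealm are present, using the two URLs quoted in the thread as input. The function names are hypothetical, and comparing the values by exact match is an assumption.

```python
from urllib.parse import urlsplit, parse_qs

# WS-Federation passive sign-in parameters; the expected values are the
# ones quoted in the thread for the Microsoft 365 relying party.
# Assumption: values are compared by exact match.
EXPECTED = {
    "wa": "wsignin1.0",
    "wtrealm": "urn:federation:MicrosoftOnline",
}

def _query(url):
    # keep_blank_values so empty parameters such as cbcxt= and lc= are kept
    return parse_qs(urlsplit(url).query, keep_blank_values=True)

def check_signin_url(url):
    """Return a list of findings for an AD FS /adfs/ls/ sign-in URL."""
    findings = []
    path = urlsplit(url).path.lower().rstrip("/")
    if not path.endswith("/adfs/ls"):
        findings.append("path is not /adfs/ls/")
    query = _query(url)
    for name, expected in EXPECTED.items():
        values = query.get(name, [])
        if not values:
            findings.append(f"missing {name}")
        elif len(values) > 1:
            findings.append(f"duplicate {name}")
        elif values[0] != expected:
            findings.append(f"unexpected {name}={values[0]}")
    return findings

def added_params(before, after):
    """Names of query parameters present in `after` but not in `before`."""
    return sorted(set(_query(after)) - set(_query(before)))

# The "before" and "after" URLs as quoted in the thread.
TAIL = ("wctx=LoginOptions%3D3%26&cbcxt=&username=test.user%40domain.com"
        "&mkt=en-US&lc=")
BEFORE = "https://adfs.domain.com/adfs/ls/?" + TAIL
AFTER = ("https://adfs.domain.com/adfs/ls/?wa=wsignin1.0"
         "&wtrealm=urn%3afederation%3aMicrosoftOnline&" + TAIL)

if __name__ == "__main__":
    for label, url in (("before", BEFORE), ("after", AFTER)):
        print(label, check_signin_url(url) or "ok")
    print("added:", added_params(BEFORE, AFTER))
```

Running the same check on the URL captured before the WAP and on the one that reaches AD FS shows on which hop the parameters are lost.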