Federation Services Authentication Issues
We are testing AD FS 2.0 and have the current test design.
The federation server and the WIF sample app are running on the same box.
A VM running in a test domain is trying to access the WIF sample. It seems to check out the SSL certs, but when trying to authenticate from the test domain the following errors are generated on the FS.
encountered error during federation passive request.
additional data
exception details:
microsoft.identityserver.web.authenticationfailedexception: id3034: authentication failed.
@ microsoft.identityserver.web.federationpassiveauthentication.submitrequest(msisrequestsecuritytoken request)
@ microsoft.identityserver.web.federationpassiveauthentication.requestbearertoken(msissigninrequestmessage signinrequest, securitytokenelement onbehalfof, securitytoken primaryauthtoken, string desiredtokentype, uri& replyto)
@ microsoft.identityserver.web.federationpassiveauthentication.buildsigninresponsecorewithsecuritytoken(securitytoken securitytoken, wsfederationmessage incomingmessage)
@ microsoft.identityserver.web.federationpassiveauthentication.buildsigninresponseforprotocolrequest(federationpassivecontext federationpassivecontext, securitytoken securitytoken)
@ microsoft.identityserver.web.federationpassiveauthentication.buildsigninresponse(securitytoken securitytoken)
______________________________________________________
the federation service encountered error while processing ws-trust request.
request type: http://schemas.xmlsoap.org/ws/2005/02/trust/rst/issue
additional data
exception details:
microsoft.identitymodel.securitytokenservice.failedauthenticationexception: msis3019: authentication failed. ---> system.identitymodel.tokens.securitytokenvalidationexception: id4063: logonuser failed 'administrator' user. ensure user has valid windows account. ---> system.componentmodel.win32exception: security database on server not have computer account workstation trust relationship
--- end of inner exception stack trace ---
@ microsoft.identitymodel.tokens.windowsusernamesecuritytokenhandler.validatetoken(securitytoken token)
@ microsoft.identityserver.service.tokens.msiswindowsusernamesecuritytokenhandler.validatetoken(securitytoken token)
@ microsoft.identitymodel.tokens.securitytokenelement.getsubject()
@ microsoft.identityserver.service.securitytokenservice.msissecuritytokenservice.getonbehalfofprincipal(requestsecuritytoken request, iclaimsprincipal callerprincipal)
--- end of inner exception stack trace ---
@ microsoft.identityserver.service.securitytokenservice.msissecuritytokenservice.getonbehalfofprincipal(requestsecuritytoken request, iclaimsprincipal callerprincipal)
@ microsoft.identityserver.service.securitytokenservice.msissecuritytokenservice.begingetscope(iclaimsprincipal principal, requestsecuritytoken request, asynccallback callback, object state)
@ microsoft.identitymodel.securitytokenservice.securitytokenservice.beginissue(iclaimsprincipal principal, requestsecuritytoken request, asynccallback callback, object state)
@ microsoft.identitymodel.protocols.wstrust.wstrustservicecontract.dispatchrequestasyncresult..ctor(dispatchcontext dispatchcontext, asynccallback asynccallback, object asyncstate)
@ microsoft.identitymodel.protocols.wstrust.wstrustservicecontract.begindispatchrequest(dispatchcontext dispatchcontext, asynccallback asynccallback, object asyncstate)
@ microsoft.identitymodel.protocols.wstrust.wstrustservicecontract.processcoreasyncresult..ctor(wstrustservicecontract contract, dispatchcontext dispatchcontext, messageversion messageversion, wstrustresponseserializer responseserializer, wstrustserializationcontext serializationcontext, asynccallback asynccallback, object asyncstate)
@ microsoft.identitymodel.protocols.wstrust.wstrustservicecontract.beginprocesscore(message requestmessage, wstrustrequestserializer requestserializer, wstrustresponseserializer responseserializer, string requestaction, string responseaction, string trustnamespace, asynccallback callback, object state)
system.identitymodel.tokens.securitytokenvalidationexception: id4063: logonuser failed 'administrator' user. ensure user has valid windows account. ---> system.componentmodel.win32exception: security database on server not have computer account workstation trust relationship
--- end of inner exception stack trace ---
@ microsoft.identitymodel.tokens.windowsusernamesecuritytokenhandler.validatetoken(securitytoken token)
@ microsoft.identityserver.service.tokens.msiswindowsusernamesecuritytokenhandler.validatetoken(securitytoken token)
@ microsoft.identitymodel.tokens.securitytokenelement.getsubject()
@ microsoft.identityserver.service.securitytokenservice.msissecuritytokenservice.getonbehalfofprincipal(requestsecuritytoken request, iclaimsprincipal callerprincipal)
system.componentmodel.win32exception: security database on server not have computer account workstation trust relationship
Regarding the ADFS issue, it is better to seek help in the ADFS forum. :)
http://social.msdn.microsoft.com/forums/en/geneva/threads
niko