Below you will find the procedure to set up SAML SSO between a test Azure AD SaaS Application and hand ADFS Claims X-Ray to troubleshoot custom SAML claim issuance and transformations.
Category: Single sign on
HTTP Error 404 at login.microsoftonline.com for SAML SSO
In this post I'll explain possible reason for 404 error you might see when using SAML SSO with Azure AD.
The configuration was overwritten by a claim mapping policy created via Graph/PowerShell
The post describes Azure AD claim mapping policy feature and how to manage it via PowerShell.
Zoom Azure AD SSO Administrator consent constant prompt issue
Read this post to find out possible solution for constant Azure AD Administrator Consent prompt for Zoom application.
Azure AD SAML SSO multiple Identifiers and ReplyURLs support
This post will explain how to configure your Azure AD SAML SSO application to support multiple Issuers/Identifiers and Reply URLs
RSA SecurID Access SAML Configuration for Microsoft Office 365 issue – “AADSTS50008: Unable to verify token signature. The signing key identifier does not match any valid registered keys”
There recently have been couple cases when the customers who has configured the Azure AD federation with RSA SecureID by following these instructions https://community.rsa.com/docs/DOC-1019 were randomly experiencing the error during users sign in: “AADSTS50008: Unable to verify token signature. The signing key identifier does not match any valid registered keys”. The issue temporary goes away … Continue reading RSA SecurID Access SAML Configuration for Microsoft Office 365 issue – “AADSTS50008: Unable to verify token signature. The signing key identifier does not match any valid registered keys”
AD FS Relying Party certificates errors troubleshooting (EventID 317)
Customer has configured the new Relying Party Trust by using the Relying Party Trust Wizard and importing the data from the file that was downloaded earlier on the management computer. When testing the Relying Party sign-on, the application was returning the error “An error SAML response status was received. urn:oasis:names:tc:SAML:2.0:status:Responder” Per following article https://msdn.microsoft.com/en-us/library/hh269642.aspx this … Continue reading AD FS Relying Party certificates errors troubleshooting (EventID 317)
Federated applications (CRM and IIS) ADFS Single Sign-On (SSO) troubleshooting with Fiddler
Recently had very interesting issue to troubleshoot. This (long 😊 ) troubleshooting description for sure will help many to understand the ADFS Single Sign-On (SSO) flow and how to read the Fiddler traces. Environment: ADFS 3.0, CRM 2013, IIS 8.5 running a site. Both the CRM and the IIS site are federated with the ADFS. … Continue reading Federated applications (CRM and IIS) ADFS Single Sign-On (SSO) troubleshooting with Fiddler
AD FS Single Sign on is not working with Internet Explorer 11
Symptom: when accessing the federated application from inside of the corporate network using Internet Explorer, the users are presented with AD FS Forms Based authentication (FBA) page instead of Windows Integrated Authentication taking place. At the same time Edge and Chrome WIA are working as expected from intranet. Since there was no Windows security pop … Continue reading AD FS Single Sign on is not working with Internet Explorer 11
