Below you will find the procedure to set up SAML SSO between a test Azure AD SaaS application and the handy ADFS Claims X-Ray to troubleshoot custom SAML claim issuance and transformations.
Category: Single sign on
In this post I'll explain a possible reason for the 404 error you might see when using SAML SSO with Azure AD.
The post describes the Azure AD claim mapping policy feature and how to manage it via PowerShell.
Read this post to find out a possible solution for the constant Azure AD Administrator Consent prompt for the Zoom application.
There have recently been a couple of cases where customers who had configured the Azure AD federation with RSA SecurID by following these instructions https://community.rsa.com/docs/DOC-1019 were randomly experiencing this error during user sign-in: “AADSTS50008: Unable to verify token signature. The signing key identifier does not match any valid registered keys”. The issue temporarily goes away … Continue reading RSA SecurID Access SAML Configuration for Microsoft Office 365 issue – “AADSTS50008: Unable to verify token signature. The signing key identifier does not match any valid registered keys”
The customer configured the new Relying Party Trust by using the Relying Party Trust Wizard and importing the data from the file that was downloaded earlier on the management computer. When testing the Relying Party sign-on, the application returned the error “An error SAML response status was received. urn:oasis:names:tc:SAML:2.0:status:Responder”. Per the following article https://msdn.microsoft.com/en-us/library/hh269642.aspx this … Continue reading AD FS Relying Party certificates errors troubleshooting (EventID 317)
I recently had a very interesting issue to troubleshoot. This (long 😊) troubleshooting description will for sure help many to understand the ADFS Single Sign-On (SSO) flow and how to read Fiddler traces. Environment: ADFS 3.0, CRM 2013, IIS 8.5 running a site. Both the CRM and the IIS site are federated with the ADFS. … Continue reading Federated applications (CRM and IIS) ADFS Single Sign-On (SSO) troubleshooting with Fiddler
Symptom: when accessing the federated application from inside the corporate network using Internet Explorer, users are presented with the AD FS Forms-Based Authentication (FBA) page instead of Windows Integrated Authentication (WIA) taking place. At the same time, WIA works as expected in Edge and Chrome from the intranet. Since there was no Windows security pop … Continue reading AD FS Single Sign on is not working with Internet Explorer 11