Re: ADFS


Joe,
I added the file I downloaded from your web site, default.aspx, to a new
folder, and changed the Sharepoint - 80 virtual directory in IIS to point to
the file.
From the adfsclient computer, I go to https://adfsweb
I choose my realm, A. Datum
submit
I still get the same error.
server error in /adfs application
the resource cannot be found
description " http 404
requested url : /adfs/clientlogon.aspx

The 4 computers are all running in MS virtual machine, I could put the .vhd
files somewhere for you to look at? It's about 11.2 gig.


thanks
John


"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23$ExE9$aHHA.208@xxxxxxxxxxxxxxxxxxxxxxx
One of my problems with the step by step guide is that it doesn't really
"teach you how to fish". It is kind of a cookbook, but it is often hard
to apply the concepts they demonstrate to other areas. MS is aware of
this issue and is trying to figure out how to address it. One thing you
might consider doing is just skipping over to the ADFS Deployment Guide
document. It is more general.

What I'd suggest you do now is just create another website in IIS and
configure it as a token app by configuring the ADFS agent in IIS manager.
If you get a very simple web form that dumps out the Windows security
context of the authenticated user such as the one I describe in this blog
post:

http://www.joekaplan.net/DiscoveringTheUsersNameAndGroupsInTheirWindowsToken.aspx

Then you can easily see what the agent is actually doing. Once you get
that to behave in a predictable way, you can try to move over to
SharePoint.

To set up the web site, you just need a site in IIS with an appropriate IP
address, port, SSL certificate and DNS entry (or a host file entry;
however you are making the names resolve). Configure it to use .NET 2.0
if you want to use my test page and configure it to use ADFS. In your
ADFS resource server, add an existing trusting application and configure
the URL of the app to match the URL you will use.

You can also do this for claims-based applications. I usually start with
those as they don't take any dependencies on Windows security and allow
you to see which claims are flowing across the federation trust into your
app.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"John M" <sdkfj@xxxxxxxxxxxxx> wrote in message
news:e7nbpg$aHHA.4140@xxxxxxxxxxxxxxxxxxxxxxx
how can I remove sharepoint from the mix then?

"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23LO%23gN$aHHA.4140@xxxxxxxxxxxxxxxxxxxxxxx
I don't actually see the error in the logs like I would expect to
(something in the server that generated the log should say ERROR in big
letters), but I think I may know what the problem is.

It looks like your trusting application is trying to use a NetBIOS style
name, https://adfsweb/, when ADFS thinks the URL is
https://adfsweb.treyresearch.net. You can't have this. The URLs must
match up for the trust policy to think the app is one of its own apps
and for the cookies to actually get replayed properly.

I think you might be having a problem with SharePoint itself, as I seem
to remember that there is something in SharePoint that may be doing this
by default. You might want to poke around in central admin to see if
you can figure it out. Unfortunately, I know very little about it or
I'd just tell you what to fix.

The other thing I generally recommend is starting off with plain claims
and token apps and moving to SharePoint after you have already confirmed
that the basic stuff works. SharePoint adds a lot of layers and makes
things hard to troubleshoot, especially if you don't know for sure that
all of your other components are working first.

I hope that helps!

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
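
Added example (not part of the original thread, and not ADFS's own matching logic): a small Python check for the mismatch Joe describes, comparing the application URL configured in the trust policy with the URL the application is actually reached at. The function names and the path-prefix rule are assumptions made for illustration; the two URLs in the demo are the ones quoted in the thread.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _parts(url):
    """Split a URL into comparable (scheme, host, port, path) parts."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    host = (u.hostname or "").rstrip(".")      # hostname is already lower-cased
    port = u.port or DEFAULT_PORTS.get(scheme)  # make the default port explicit
    path = (u.path or "/").lower()              # IIS paths are case-insensitive
    return scheme, host, port, path


def compare_app_urls(configured, requested):
    """Return a list of mismatches; an empty list means the URLs line up."""
    c_scheme, c_host, c_port, c_path = _parts(configured)
    r_scheme, r_host, r_port, r_path = _parts(requested)
    findings = []
    if c_scheme != r_scheme:
        findings.append("scheme: %s vs %s" % (c_scheme, r_scheme))
    if c_host != r_host:
        short, full = sorted((c_host, r_host), key=len)
        # Single-label name equal to the first label of the other host:
        # the NetBIOS-style name vs FQDN split described in the thread.
        if "." not in short and full.split(".")[0] == short:
            findings.append("host: short name '%s' vs FQDN '%s'" % (short, full))
        else:
            findings.append("host: %s vs %s" % (c_host, r_host))
    if c_port != r_port:
        findings.append("port: %s vs %s" % (c_port, r_port))
    # Assumption for this example: the request must sit under the configured path.
    prefix = c_path if c_path.endswith("/") else c_path + "/"
    if not (r_path + "/").startswith(prefix):
        findings.append("path: %s is not under %s" % (r_path, prefix))
    return findings


if __name__ == "__main__":
    # URLs as quoted in the thread: what ADFS has configured vs what the app uses.
    for line in compare_app_urls("https://adfsweb.treyresearch.net/",
                                 "https://adfsweb/"):
        print("MISMATCH", line)
```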







