Re: ADFS Web Server retrieving incorrect User name from ADFS resource server
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 24 Jan 2008 16:00:13 -0600
How do you have the account partner configured in the resource FS trust for
resource account mapping? There is a tab on the partner configuration with
4 options. Generally, you either need shadow accounts in the resource
forest for your account partner users or you use "shadow groups" and map
group claims from the account FS to group claims in the resource FS that
have a resource forest group associated with them.
With shadow accounts, ADFS is expecting there to be a user in the resource
forest with a UPN claim that matches the UPN of a user in the resource
forest. It is possible to change the UPN suffixes on the fly during the
login process by changing the UPN mappings in the UPN claim configuration
for the Account Partner.
Note also that the shadow account must be enabled and unlocked so that it
can actually be logged in. ADFS doesn't need to know the password, but the
account has to be valid.
HTH,
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Enrico" <nricko@xxxxxxxxx> wrote in message
news:0e9d4133-7287-4ba8-b768-dabf411d6fa6@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I currently have an ADFS implementation for a Windows NT token
application.
I have followed the ADFS step by step guide (6/2006) to set up a test
environment. Details of the environment are below:
1 resource federation server: omsfs31.acnos.com
1 account federation server: omsads33.acnoms.net
1 web server: omsos2.acnos.com
Sending original UPN from account domain to resource domain
Currently, I am able to successful logon to the ADFS-enabled web site
with a user on the resource domain (acnos.com).
However, when I attempt to logon to the ADFS-enabled web site with a
user from the account domain (acnoms.net), the web
server is obtaining the wrong username from the WSGetAccountName
function.
Please note that the user joann.carter was provisioned in the ACNOS
domain and is able to log onto the application when ADFS
web agent is not enabled.
I would expect to see the following line in the ADFS
ifsext_PortalsAppPool.log file:
WsGetAccountName: returning 0. User Name: ACNOS\joann.carter#acnoms_
but am getting this:
WsGetAccountName: returning 0. User Name: urn:federation:acnoms
\joann.carter@xxxxxxxxxx
Below you can find ADFS logs for both federation servers and the web
server. The account server clock is 5 minutes ahead of
the resource and web server.
I have the exact same ADFS configuration (which works) in my
production environment, but for some reason it will not work in
this development environment.
Any help would be greatly appreciated.
-------------------ADFS account server-------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
2008-01-24T20:05:47 [VERBOSE] Processing HTTP GET:
https://omsads33.acnoms.net/adfs/ls/?
wa=wsignin1.0&wtrealm=urn:federation:acnos&wct=2008-01-24T20:00:47Z&wctx=https://
omsos2.acnos.com/OpenScape/Portals/ntlm/
\https://omsos2.acnos.com/OpenScape/Portals/ntlm/default.aspx
2008-01-24T20:05:47 [VERBOSE] Received SignIn Request.
2008-01-24T20:05:47 [VERBOSE] HOMEREALM: Realm = urn:federation:self,
Source = Implied
2008-01-24T20:05:47 [INFO] Received signin request via query string.
2008-01-24T20:05:47 [VERBOSE] Sign In Request Dump
--------------------
wreply =
wtrealm = urn:federation:acnos
whr =
wauth =
wcontext =
https://omsos2.acnos.com/OpenScape/Portals/ntlm/\https://omsos2.acnos.com/OpenScape/Portals/ntlm/default.aspx
wct = 2008-01-24T20:00:47Z
ttpindex = 0
--------------------
2008-01-24T20:05:47 [INFO] Client is unauthenticated. Attempting to
collect credentials.
2008-01-24T20:06:02 [VERBOSE] Processing HTTP GET:
https://omsads33.acnoms.net/adfs/ls/auth/integrated/?
wa=wsignin1.0&wtrealm=urn:federation:acnos&wct=2008-01-24T20:00:47Z&wctx=https://
omsos2.acnos.com/OpenScape/Portals/ntlm/
\https://omsos2.acnos.com/OpenScape/Portals/ntlm/default.aspx
2008-01-24T20:06:02 [VERBOSE] Received SignIn Request.
2008-01-24T20:06:02 [VERBOSE] HOMEREALM: Realm = urn:federation:self,
Source = Implied
2008-01-24T20:06:02 [INFO] Received signin request via query string.
2008-01-24T20:06:02 [VERBOSE] Sign In Request Dump
--------------------
wreply =
wtrealm = urn:federation:acnos
whr =
wauth =
wcontext =
https://omsos2.acnos.com/OpenScape/Portals/ntlm/\https://omsos2.acnos.com/OpenScape/Portals/ntlm/default.aspx
wct = 2008-01-24T20:00:47Z
ttpindex = 0
--------------------
2008-01-24T20:06:02 [INFO] Client is unauthenticated. Attempting to
collect credentials.
2008-01-24T20:06:02 [INFO] Requesting token for urn:federation:acnos
with Sids.
2008-01-24T20:06:02 [INFO] InternalRSTWithSids called: target:
urn:federation:acnos; userSamName: ACNOMS\joann.carter; sid:
S-1-5-21-2388599113-2538868252-31744412-1136
2008-01-24T20:06:02 [INFO] GetClaimsFromSids called: target:
urn:federation:acnos; userSamName: ACNOMS\joann.carter; sid: S-
1-5-21-2388599113-2538868252-31744412-1136
2008-01-24T20:06:02 [VERBOSE] GetClaimsFromSids: received group sids:
2008-01-24T20:06:02 [VERBOSE]
S-1-5-21-2388599113-2538868252-31744412-513
2008-01-24T20:06:02 [VERBOSE] S-1-1-0
2008-01-24T20:06:02 [VERBOSE] S-1-5-32-545
2008-01-24T20:06:02 [VERBOSE] S-1-5-32-554
2008-01-24T20:06:02 [VERBOSE] S-1-5-2
2008-01-24T20:06:02 [VERBOSE] S-1-5-11
2008-01-24T20:06:02 [VERBOSE] S-1-5-15
2008-01-24T20:06:02 [VERBOSE]
S-1-5-21-2388599113-2538868252-31744412-1127
2008-01-24T20:06:02 [VERBOSE] AD.AddGroupClaimsForSid: Adding group
claim Group = TokenAppClaim for group sid S-1-5-21-
2388599113-2538868252-31744412-1127
2008-01-24T20:06:02 [VERBOSE] S-1-5-64-10
2008-01-24T20:06:02 [INFO] GetClaimsForUserNameWorker (LDAP): called
for user ACNOMS\joann.carter
2008-01-24T20:06:02 [VERBOSE] GetClaimsForUserNameWorker: Using DNS
domain acnoms.net for Netbios domain ACNOMS for user
ACNOMS\joann.carter/joann.carter
2008-01-24T20:06:02 [VERBOSE] GetClaimsForUserNameWorker: Searching
with the following params:
ldapSearchPath =
LDAP://acnoms.net/<SID=01050000000000051500000049215F8E1C0E54979C61E40170040000>
filter =
2008-01-24T20:06:02 [VERBOSE] GetClaimsForUserNameWorker: Got UPN 'UPN
= joann.carter@xxxxxxxxxx' for user
ACNOMS\joann.carter/joann.carter
2008-01-24T20:06:02 [INFO] GetClaimsForUserNameWorker (LDAP): Caching
new LDAP handle
2008-01-24T20:06:02 [VERBOSE]
TrustingRealmClaimTransformation.TransformClaims: Transforming input
claims:
Claims:
----------------------------
[UPN] - joann.carter@xxxxxxxxxx
[Group] - TokenAppClaim
2008-01-24T20:06:02 [VERBOSE] GroupClaimTransform.Transform Group =
TokenAppClaim to Group = TokenAppMapping called
2008-01-24T20:06:02 [VERBOSE] GroupClaimTransform.Transform: Creating
an output Group claim. Group TokenAppMapping
2008-01-24T20:06:02 [VERBOSE] GroupClaimTransform: Transform applied
to inbound Group = TokenAppClaim
2008-01-24T20:06:02 [VERBOSE]
TrustingRealmClaimTransformation.TransformClaims: UPN
joann.carter@xxxxxxxxxx passed through
2008-01-24T20:06:02 [VERBOSE] PrivacyTransform - Same user name:
joann.carter@xxxxxxxxxx => joann.carter@xxxxxxxxxx
2008-01-24T20:06:02 [VERBOSE] BuildCookieInfo: '1 _0f414ca9-
b863-4d98-85a9-5f08c4b00156 urn:federation:activedirectory
ACNOMS\joann.carter S-1-5-21-2388599113-2538868252-31744412-1136 1
urn:federation:authentication:windows 2008-01-24T20:06:02
2 A joann.carter@xxxxxxxxxx D TokenAppClaim'
2008-01-24T20:06:02 [INFO] Outbound token claims:
Claims:
----------------------------
[UPN] - joann.carter@xxxxxxxxxx
[Group] - TokenAppMapping
2008-01-24T20:06:02 [VERBOSE] Signing cert thumbprint -
317C1ED1F1307BD4D55383B5580E645AB678C693
2008-01-24T20:06:02 [VERBOSE] Signing Key Exponent - 3
2008-01-24T20:06:02 [VERBOSE] 010001
2008-01-24T20:06:02 [VERBOSE] Signing Key Modulus - 128
2008-01-24T20:06:02 [VERBOSE]
D49175FD339B9FB4658138DB147D541991E4F1FBD1F6F3CC0F08E8AC5D39DC7693FA87E433FBC7B96A8B2A132A5A82C96A9CB2BE20E306C09E6FF1DCD07B4
625B26F7A28F8986982B5104C93A351802E4777231842467452C90DDFAFD73F04ADE2185CA0E86B708A56023D859F663874195EB9DB530DE2EACF1912E388
E1BAA5
2008-01-24T20:06:02 [VERBOSE] Processing FS response: policy version
is dfdfb5dc-f807-420f-9095-5b03304eebac - 57
2008-01-24T20:06:02 [VERBOSE] Creds verification:
AccountStoreDisplayName = Active Directory
2008-01-24T20:06:02 [VERBOSE] AccountStoreType
= ActiveDirectoryType
2008-01-24T20:06:02 [VERBOSE]
AccountStoreTypeDisplay = Active Directory
2008-01-24T20:06:02 [VERBOSE]
AccountStoreUriStr = urn:federation:activedirectory
2008-01-24T20:06:02 [VERBOSE] User Validation Info: ErrorCode = 0
2008-01-24T20:06:02 [COOKIE] WRITING (/adfs/ls/) -
_WebSsoAuth=eNrNVllz6jwS5adQ3EfK8YoXKkmNbLOYYFabADVVXwlb3oIXJIPBv35MCHyQe
+/MnXkanqRW+/Tp1qFbzwTG2zYgBOE8TJP6bWXoL42/HAXyoiLKF
OuyEiXwkkTJkoAoXoEKaskyB3mmUTcI2SMjITlM8pcGxzAyxbAUJ1gc02bENsOtv3zwS2OPk7aHXIThOUgbOkkak0bdhFGKFwiTyvjSYCtDmDwajvE2Ie0z2wtICk
lI2gmMEWnnTnsOzGGbfWLa8JpA4/X5MzctTdzwbCD1UZqryEsx+h3LymGcjDHw8jPXex/
26vOFCvZuiBIHzRDJceic8W+Bvrm8/iJn8kw/+nzb/xqW/pbQNZB7CM8
Q0PVIdZp
+hNVteGkfkuCrbOeTS9ni0MEpSb38jlHjtQxyBkpg5CpkKzQnTUvaZd2gJQF99fJM/
wL3xvcr9Bf5PEBJHjqfqPMc5iiu9vVH+38QyqOzifIgdX+WzYNT
uwgTNy3I9W7m
+02EnPxrN6okYrhnby9EuN5NcQyr6EGeZ22aJk6AYkieqjqRFGZPKfZpZwvDmND2ZNR4jVKYJE8OxJUi/
nFR61OC8q/0H7GvRbnFp/9dWa5Fy6uL3
uxz9P3g/yaLR5r12+r82Uujh9N91ni0kgw66A/INb6DL+B2j16t9AMlIMtMmGVh4l/L
+Oj03fqT4a6e89BPYL7H6PJ3uDEriuKp4D8JVWJkaEahKweXhP6PxuUr5J
4V//
qswSRNqhvchuWdLutg66c4zIP4N5AszTJnSAodHcphheRHo07f8flDmAdmmECKBJD9RJohD
+Fzw6jbM+Ol8ePPOvbrs4VhQqpOGJO79X/HAyUHtE0z5FLkms4
npT+H+0116HtyeuhXrfB/
qdOtRheIi2q6w8TrSyflLfU0Cw38TRGH4J09IlmoGt295zN9q221vtfC7fYujmYLL5MYrtSelQndN3EuSkyTVzBj5AfSEUfOe9Q8yO9R
7CiLUlD2m2bVbIP58iSX0bRMB9ks8Y4C3H8wwJSHJq3v7P6E4+eHRGl9cIs0HDNZuCJ9Y7kSxIGveDsRa0KIM3GYKF3QwsMmHsqhmqbH6VHSTwzailo/
2rpaTwsls
4+tciIpUXI8OS
+XRO7IP7+h0yWrZYtRdJjDy0o7z1Dv3LKqBA1DlSJNA4u9DwpDBb4xXZmdQ/
fNIMJgrZEFvc3sg5tbYKD6NtZ9U+tPbWBq9tEoQaD6o4UKTKv3sd
6ue4vTajnLNpzg29zi5MaLk9FRRjbT7dilWZqqsNQtwJuWUYysjmCWK8bsppWtU5i6X5p/
24qB1YlMrdMDrN0BRxPO4sXHejkI3N72sAlVq1pz66XhWwxrTe2ZVaE
X/
lou9Olq8JaujeDgjMC0o6pToPurqvpGbwDSngpG85nrMWXcajLrVUfgjjNlocaz1qQvMd6mLIFsiG9Hd
+weuQ9612/pE+kobXfhKbXetjvt9L5zCBZ8odiAJKaP
/EiVZuH7acOnaXMQZD62p9ZgHNkrsJ/xTtTrDHpudzjQ3eaBLeUORsZq
+aankNfeFr6hBGslHven6yVONnbBhyKR15392BA2uy3wTRWAXjQowdZUzXMt3MF0appVI
ppGemBqd9WiOgHC55leTPugsAEB1U9/vK/
KRQVdezg0Zu7JtGbWUJ3M0XQ5j4zxqmyOttF42HEzJTfjalJrQboJxI6EIzz6sCdcypYRLLKFuylNOPmYz3vM0beUpo
cXfL4vNoa4C6Tl2na0QDzxbLjXrUNfd3cDUZp2BnSeud7E2E/
dJbZHIatPyh7hzC4toG457k7UIfTd7TsoD9GpuxnykWqwz/R3pV4sFxXTN2X/rfnbjLi
+EV/Z2l+
MJ7CCAxVqI4s8JbiKTMmtatvyGNkRNlWbaom12k9vuDw8IDfE1YRM8akGtNHYnP/
zfs7W5hRLtSiueuDwstxSFJblKa5VrUWZa3EUz0qCILAcVdmrAGztj944tV+8
mmpcDdR+M+Jr
2008-01-24T20:06:02 [COOKIE] WRITING (/adfs/ls/) -
_WebSsoAuth0=eu06TrXzzP0XyKgJ9Q==
[VERBOSE] Sign In Response Dump
--------------------
wcontext =
https://omsos2.acnos.com/OpenScape/Portals/ntlm/\https://omsos2.acnos.com/OpenScape/Portals/ntlm/default.aspx
wresult to follow
XML Data Follows
----------------
<wst:RequestSecurityTokenResponse xmlns:wst="http://
schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestedSecurityToken>
<saml:Assertion
AssertionID="_c9a36968-1d17-4377-874e-39a9e5882a30"
IssueInstant="2008-01-24T20:06:02Z"
Issuer="urn:federation:acnoms" MajorVersion="1" MinorVersion="1"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2008-01-24T20:06:02Z"
NotOnOrAfter="2008-01-24T21:06:02Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>urn:federation:acnos</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:Advice>
<adfs:CookieInfoHash
xmlns:adfs="urn:microsoft:federation">zht0a7ANd9sl4+P+T7qpFh57ADY=</
adfs:CookieInfoHash>
</saml:Advice>
<saml:AuthenticationStatement
AuthenticationInstant="2008-01-24T20:06:02Z"
AuthenticationMethod="urn:federation:authentication:windows">
<saml:Subject>
<saml:NameIdentifier Format="http://schemas.xmlsoap.org/
claims/UPN">joann.carter@xxxxxxxxxx</saml:NameIdentifier>
</saml:Subject>
</saml:AuthenticationStatement>
<saml:AttributeStatement>
<saml:Subject>
<saml:NameIdentifier Format="http://schemas.xmlsoap.org/
claims/UPN">joann.carter@xxxxxxxxxx</saml:NameIdentifier>
</saml:Subject>
<saml:Attribute AttributeName="Group"
AttributeNamespace="http://schemas.xmlsoap.org/claims";>
<saml:AttributeValue>TokenAppMapping</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#rsa-sha1" />
<Reference URI="#_c9a36968-1d17-4377-874e-39a9e5882a30">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/
xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-
c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>FLnfH7y9KofCTeJgbwmiAW1xe84=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>M5rXnmaYBGTp4FK6S670+39r0ItvsE6NcWj+v8Wjmc9Vz49ub
+ht0hSXy8zjQzoJpRnfx4auk0AM8LM/DqUHP23Svn95k2VoiO0piYsHIXY46
Jg9fq6rC4irp6Ln9FA5rL+rL8iBooxQx7Dy0el6CHjldCGCi7MHrTzP79jnxyc=</
SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIB7jCCAVugAwIBAgIQYMEvFKIs4JZCsV/
lpUvdtTAJBgUrDgMCHQUAMCUxIzAhBgNVBAMTGkZlZGVyYXRpb24gU2VydmVyIE9NU0FEUzMz
MB4XDTA3MTIwNTE4MzY0MFoXDTEwMDgzMTE4MzY0MFowJTEjMCEGA1UEAxMaRmVkZXJhdGlvbiBTZXJ2ZXIgT01TQURTMzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AM
IGJAoGBANSRdf0zm5+0ZYE42xR9VBmR5PH70fbzzA8I6KxdOdx2k/
qH5DP7x7lqiyoTKlqCyWqcsr4g4wbAnm/x3NB7RiWyb3oo
+JhpgrUQTJOjUYAuR3cjGEJGdF
LJDd
+v1z8EreIYXKDoa3CKVgI9hZ9mOHQZXrnbUw3i6s8ZEuOI4bqlAgMBAAGjJzAlMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA4GA1UdDwQHAwUAsAAAADAJBgUrDgM
CHQUAA4GBAFULLIRdyMTRTLBPSeQXSjIOYz
+NljOLEdp9tMm02ZChobh6E7rjrNkUP2o1zjawpVdbzMaPkSSG0xgT9+frV3tuwbI6qh7XZUcCh6y31iuDTvHDdqJ6
7QEJ/tpdfPIuQdXrUNi1DPzGs2MF/4eFzOFPBLagdlWAzvjyFbL3jBI1</
X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/
policy">
<wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/
2004/08/addressing">
<wsa:Address>urn:federation:acnos</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</wst:RequestSecurityTokenResponse>
----------------
2008-01-24T20:06:02 [VERBOSE] Generated cleanup cookie with 1 entries
2008-01-24T20:06:02 [COOKIE] WRITING (/adfs/ls/) -
_LSCleanup=2008-01-24:20:06:02Zr0urn:federation:acnos
2008-01-24T20:06:02 [INFO] Posting response to
https://omsfs31.acnos.com/adfs/ls/.
-------------------------------------------------------
-------------------------------------------------------
-------------------------------------------------------
-------------------ADFS resource
server----------------------------------
---------------------------------------------------------------------------
-------------------------------------------------------------------------------
2008-01-24T20:00:35 [VERBOSE] Generated cleanup cookie with 1 entries
2008-01-24T20:00:35 [COOKIE] WRITING (/adfs/ls/) - _LSCleanup=2008-01-
24:20:00:35Zahttps://omsos2.acnos.com/OpenScape/Portals/ntlm/
2008-01-24T20:00:35 [INFO] Posting response to
https://omsos2.acnos.com/OpenScape/Portals/ntlm/.
2008-01-24T20:00:47 [VERBOSE] Processing HTTP GET:
https://omsfs31.acnos.com/adfs/ls/?
wa=wsignin1.0&wreply=https://omsos2.acnos.com/OpenScape/Portals/ntlm/
&wct=2008-01-
24T20:00:46Z&whr=urn:federation:acnoms&wctx=https://omsos2.acnos.com/
OpenScape/Portals/ntlm/default.aspx
2008-01-24T20:00:47 [VERBOSE] Received SignIn Request.
2008-01-24T20:00:47 [VERBOSE] HOMEREALM: Realm =
urn:federation:acnoms, Source = FromQueryString
2008-01-24T20:00:47 [INFO] Received signin request via query string.
2008-01-24T20:00:47 [VERBOSE] Sign In Request Dump
--------------------
wreply = https://omsos2.acnos.com/OpenScape/Portals/ntlm/
wtrealm =
whr = urn:federation:acnoms
wauth =
wcontext = https://omsos2.acnos.com/OpenScape/Portals/ntlm/default.aspx
wct = 2008-01-24T20:00:46Z
ttpindex = 0
--------------------
2008-01-24T20:00:47 [INFO] Redirecting to account realm acnoms.net
(https://omsads33.acnoms.net/adfs/ls/).
2008-01-24T20:00:47 [VERBOSE] SignIn Request Dump:
System.Web.Security.SingleSignOn.SignInRequest
2008-01-24T20:01:04 [INFO] Processing HTTP POST:
https://omsfs31.acnos.com/adfs/ls/
2008-01-24T20:01:04 [VERBOSE] Received SignIn Response.
2008-01-24T20:01:04 [VERBOSE] HOMEREALM: Realm = urn:federation:self,
Source = FromCookie
2008-01-24T20:01:04 [INFO] Received signin response via post body.
[VERBOSE] Sign In Response Dump
--------------------
wcontext =
https://omsos2.acnos.com/OpenScape/Portals/ntlm/\https://omsos2.acnos.com/OpenScape/Portals/ntlm/default.aspx
wresult to follow
XML Data Follows
----------------
<wst:RequestSecurityTokenResponse xmlns:wst="http://
schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestedSecurityToken>
<saml:Assertion
AssertionID="_c9a36968-1d17-4377-874e-39a9e5882a30"
IssueInstant="2008-01-24T20:06:02Z"
Issuer="urn:federation:acnoms" MajorVersion="1" MinorVersion="1"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2008-01-24T20:06:02Z"
NotOnOrAfter="2008-01-24T21:06:02Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>urn:federation:acnos</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:Advice>
<adfs:CookieInfoHash
xmlns:adfs="urn:microsoft:federation">zht0a7ANd9sl4+P+T7qpFh57ADY=</
adfs:CookieInfoHash>
</saml:Advice>
<saml:AuthenticationStatement
AuthenticationInstant="2008-01-24T20:06:02Z"
AuthenticationMethod="urn:federation:authentication:windows">
<saml:Subject>
<saml:NameIdentifier Format="http://schemas.xmlsoap.org/
claims/UPN">joann.carter@xxxxxxxxxx</saml:NameIdentifier>
</saml:Subject>
</saml:AuthenticationStatement>
<saml:AttributeStatement>
<saml:Subject>
<saml:NameIdentifier Format="http://schemas.xmlsoap.org/
claims/UPN">joann.carter@xxxxxxxxxx</saml:NameIdentifier>
</saml:Subject>
<saml:Attribute AttributeName="Group"
AttributeNamespace="http://schemas.xmlsoap.org/claims";>
<saml:AttributeValue>TokenAppMapping</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#rsa-sha1" />
<Reference URI="#_c9a36968-1d17-4377-874e-39a9e5882a30">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/
xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-
c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>FLnfH7y9KofCTeJgbwmiAW1xe84=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>M5rXnmaYBGTp4FK6S670+39r0ItvsE6NcWj+v8Wjmc9Vz49ub
+ht0hSXy8zjQzoJpRnfx4auk0AM8LM/DqUHP23Svn95k2VoiO0piYsHIXY46
Jg9fq6rC4irp6Ln9FA5rL+rL8iBooxQx7Dy0el6CHjldCGCi7MHrTzP79jnxyc=</
SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIB7jCCAVugAwIBAgIQYMEvFKIs4JZCsV/
lpUvdtTAJBgUrDgMCHQUAMCUxIzAhBgNVBAMTGkZlZGVyYXRpb24gU2VydmVyIE9NU0FEUzMz
MB4XDTA3MTIwNTE4MzY0MFoXDTEwMDgzMTE4MzY0MFowJTEjMCEGA1UEAxMaRmVkZXJhdGlvbiBTZXJ2ZXIgT01TQURTMzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AM
IGJAoGBANSRdf0zm5+0ZYE42xR9VBmR5PH70fbzzA8I6KxdOdx2k/
qH5DP7x7lqiyoTKlqCyWqcsr4g4wbAnm/x3NB7RiWyb3oo
+JhpgrUQTJOjUYAuR3cjGEJGdF
LJDd
+v1z8EreIYXKDoa3CKVgI9hZ9mOHQZXrnbUw3i6s8ZEuOI4bqlAgMBAAGjJzAlMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA4GA1UdDwQHAwUAsAAAADAJBgUrDgM
CHQUAA4GBAFULLIRdyMTRTLBPSeQXSjIOYz
+NljOLEdp9tMm02ZChobh6E7rjrNkUP2o1zjawpVdbzMaPkSSG0xgT9+frV3tuwbI6qh7XZUcCh6y31iuDTvHDdqJ6
7QEJ/tpdfPIuQdXrUNi1DPzGs2MF/4eFzOFPBLagdlWAzvjyFbL3jBI1</
X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/
policy">
<wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/
2004/08/addressing">
<wsa:Address>urn:federation:acnos</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</wst:RequestSecurityTokenResponse>
----------------
2008-01-24T20:01:04 [INFO] Requesting token for
https://omsos2.acnos.com/OpenScape/Portals/ntlm/ from FS using inbound
token.
2008-01-24T20:01:04 [VERBOSE] Parse: Token NOT found in cache
2008-01-24T20:01:04 [VERBOSE] SAML: effectivetime = 01/24/2008
20:06:02
expirationtime = 01/24/2008 21:06:02
2008-01-24T20:01:04 [VERBOSE] Verifying Cert Thumbprint -
317C1ED1F1307BD4D55383B5580E645AB678C693
2008-01-24T20:01:04 [VERBOSE] Verifying Key Exponent - 3
2008-01-24T20:01:04 [VERBOSE] 010001
2008-01-24T20:01:04 [VERBOSE] Verifying Key Modulus - 128
2008-01-24T20:01:04 [VERBOSE]
D49175FD339B9FB4658138DB147D541991E4F1FBD1F6F3CC0F08E8AC5D39DC7693FA87E433FBC7B96A8B2A132A5A82C96A9CB2BE20E306C09E6FF1DCD07B4
625B26F7A28F8986982B5104C93A351802E4777231842467452C90DDFAFD73F04ADE2185CA0E86B708A56023D859F663874195EB9DB530DE2EACF1912E388
E1BAA5
2008-01-24T20:01:04 [INFO] Saml Token Validate: TOKEN IS VALID
2008-01-24T20:01:04 [VERBOSE]
TrustedRealmClaimTransformation.TransformClaims: Transforming input
claims:
Claims:
----------------------------
[UPN] - joann.carter@xxxxxxxxxx
[Group] - TokenAppMapping
2008-01-24T20:01:04 [VERBOSE] GroupClaimTransform.Transform Group =
TokenAppMapping to GroupSid = S-1-5-21-1403853490-
1640545253-2850924328-1155 called
2008-01-24T20:01:04 [VERBOSE] GroupClaimTransform.Transform: Creating
an output ADGroup claim. Group: TokenAppClaim,
GroupSid: S-1-5-21-1403853490-1640545253-2850924328-1155
2008-01-24T20:01:04 [VERBOSE] GroupClaimTransform: Transform applied
to inbound Group = TokenAppMapping
2008-01-24T20:01:04 [VERBOSE]
TrustingRealmClaimTransformation.TransformClaims: Transforming input
claims:
Claims:
----------------------------
[UPN] - joann.carter@xxxxxxxxxx
[Group] - TokenAppClaim, [GroupSid] - S-1-5-21-1403853490-
1640545253-2850924328-1155
2008-01-24T20:01:04 [VERBOSE] TransformClaims: ADGroup claim
SID:S-1-5-21-1403853490-1640545253-2850924328-1155
2008-01-24T20:01:04 [VERBOSE] TransformClaims: Packing 1 UserGroups
into CorpClaim
2008-01-24T20:01:04 [VERBOSE] TransformClaims: Outbound SIDs in corp
and out claims
2008-01-24T20:01:04 [VERBOSE] TransformClaims: SidPackFlags -
NoUserSid
2008-01-24T20:01:04 [VERBOSE] TransformClaims:
S-1-5-21-1403853490-1640545253-2850924328-1155
2008-01-24T20:01:04 [VERBOSE] BuildCookieInfo: '1 _6697d471-e062-4203-
b2d6-bd5dd7009d8d urn:federation:acnoms 1
urn:federation:authentication:windows 2008-01-24T20:06:02 2 A
joann.carter@xxxxxxxxxx D1 TokenAppClaim S-1-5-21-1403853490-
1640545253-2850924328-1155'
2008-01-24T20:01:04 [INFO] Outbound token claims:
Claims:
----------------------------
[UPN] - joann.carter@xxxxxxxxxx
[Group] - TokenAppClaim
2008-01-24T20:01:04 [VERBOSE] Signing cert thumbprint -
DA1CAB044E57FBF3428B4095205CF0C0F1DB7211
2008-01-24T20:01:04 [VERBOSE] Signing Key Exponent - 3
2008-01-24T20:01:04 [VERBOSE] 010001
2008-01-24T20:01:04 [VERBOSE] Signing Key Modulus - 128
2008-01-24T20:01:04 [VERBOSE]
C0C505C477669A572FE20CEEADB11F5D5B44CC9815DAD0D45DE66E267411E540F02C7B143663DB43CCCD6038396D21C3DD022EA883BB2CAE776734B43D93A
99559912CA317B677A4A823186562F91CE918ACF002BC6EAD37FBDDB6CBED1146015693CDFB49CE4BDE61FBDEB0B908EE8D12DB449F55C9F5DDD9DA7D03D4
534EDB
2008-01-24T20:01:04 [VERBOSE] Processing FS response: policy version
is 1769cf7a-b784-406e-974e-6bbf24a8e693 - 104
2008-01-24T20:01:04 [COOKIE] WRITING (/adfs/ls/) -
_WebSsoAuth=eNrNV1t3qkoS9qdkeR6zDBdBxZVkTXNRUcGAiOLLWdAgolyU5qa//
jQxZmv2zkxmnoYHVlNdfPXV19VF84zsKOwDhLw0C5L44XMkiy/Nv7su3MAOZ
Fs2y3VbTLtDt5xN121hEw1psmdvINt8kBHKPTlGmR1nL02aJHstkmrRjEGTfZLqk8z6wyd9aeZp3N94rpfadZC
+DeMENR8Ue5ekppcibHtpUtgQxPeGKgpj1K/JXj
ASGwWoH9uRh/oZ7M+BMu1TT2TfvvJvvj6/pyYksRvUBvSgJhnvbZLU
+44kdpjFsxRssprqrQ919flABbkbeDH0dA9laQBr/
M9AX1xet1l2QH2CSCKUIPrpPeUnmET
E7ODFc2gfPOItSTM7RESchRHxTNy//+X5zyGJL8leSbhFUEPY7gb1l0HsJiWSXS/
Ogk2A1f2QtZ69yBoFME1QssluFqn5yoP6kuobfxnjgb7Ad+E0PFIG6xSyNQ/i
rr1/n/ZLDd9fXp6Jb+J+EBJCO4jmSZ5C74dM/lA+EfoIc4N2xU
+SfYArc5OMbLT9YYhw50kOqjhTNzY960hFR+OxM+YK6eRfE7rH/VygD60/
Vivb1unCd9R5Zmdeh
J8f7u3fbZpOn6RxPd47K162Tdzft9CdU7+8iH0t1Hnu7DyYfTypeL/
8WoaHQZJGNo5eVyguUAS3XmSjJ6wTSuzDU5L6BKxFRcTiTW2+7hI7jp+gneLt8a+L9E
+xl3
2kf499FeUzPvHvZLmKluHKdvLM+zrxf5PFPc2Hz1H92ktzmCb5oXlvRQcbej8g1/
wKbtph7r0ayd6LweHwXtxXEe9dvlp/M9yoOQ/82M7y9GO/ffIqy/KpbL/TwaV
IEiRHYAcXBf5fzctbnlvX++uzYMdJjNcvDM43VfkAQj9Jg2wbfQNJERRZQ7a8CrYgxcR/NR
+IGz4/hLljliK7hbY29Y6kexsvrfvjw0KXX5p//ezb9fpspHaM8Ech
Qjfj/46HFxdemBw8t4Wu6bxT+jncN+oQt+TEwMed/3/
R6VOjC8Slana0OgsJB54WU6SIR145rqaBkEdLHuI2d
+v5THxqi8e3tfC5ehfH6FFZHjhf0teT5eNCmUSPs
6rYt4E94DnOcIm3wteP6rTUfPU4CA3IpB4zPrTFvRq0MzGGkBUeuwvvMfG5ceTB/
Sg9JgnlnPKKGkOffRt21aVanfzpyHIHwdLy/VnnrG1iGdLTLrNwxg4vU14F9O
NjKnT4E5KYMZhmLlLZA4qBthz6GRmFpblAL5dEbsg/T7zTJasVS3KindmXkVAfJzZ1w/
JeFVmWJFEQQBH4oJR54MuTwZEieh/fRPUMVN7fH7f7YMiVJA+0xQCIYKH
ocikBSzQ1TZTKcGvRbAFpdQvPUjnaQlURYakYUqUY
+5N6XjDL2maAciYq2AarmYhtO1ApGioF7R1HlsrxbL6TAkUAQ0AtJDy71iNzv16Nt
+4wLJyAN/CYXq9k3yAp
Qw
+Vs2IIfPwbR2kAwIzfaaD0rb3gWxIolcWgGrlRFMKC8c956kiblZlJ57Fv0pm4WHnrfBxrOrsQy
+kILdTozdF6Z9USfdaZj8S2JudHedadTtj2+jwn39azQ2hG+
nSirLLY2x8FxVovp
+xotrfSNyAUw06mEoWboSKTFhZvHt7URzKezTl2+8h1ylzb5Tt96uhjzjxtVi7tHjjA6YaRIQFgZYE9EwDcl74/
GiiAqfVwxVLiiVLDychST+
Sl25wFrSfhtaJqX0E4Duey0xY1rKQvA1/EYvj
+1VfkgSwAGZR8aQ0mJSMCH5ZYJHmSrOVtAVVQwnJUr4lOznjekgZvxmkvbQ8RdaLFQnYtOdB03vJHO
+mgCPCd21j
TfIWvY6NhXSN8qfA4Zsr70oDXII6B8UuL57XFCC9GOSrf8XfYqRwkYLE4GX5QSYW8Y83B4MAMmbasImbnVVZpX7hs
+KGM3+K9ZHDyl4l1tEc6CcWkmNJcBulqB+lB
qZylQqPNkyuZ
2008-01-24T20:01:04 [COOKIE] WRITING (/adfs/ls/) -
_WebSsoAuth0=OYw45AjcbW3mVnuMtkEV2csqnAW9YjWoCmelIquN53FtriQ1hLE
+cOJx4QwraC3V3GmrO2ulVNNIPTmiwEfgJhdNknwL4TrDJ0Ttl10Bk6G63JLu
CHSmJ+4uxpS8jVEWDk2dnaF6tlbgrJi/8SUVSfml6xkI2537Y/7/ERuQQ2F+rRep5g4Ag/
uAJiDc3xxeXZNS5apKsva7bL4OuGUeRttCJGyxmKJOrr3N52HRZozjS
n9EE7uTA7Zrx0WZ0zp5cs/URKGBaTgZs/aWEyMUingzLHtBdkyi/
dxfnqfFelKuTt2KDjxH82Fkc8zcIBlxyiSDFSuLaWFOeM5oL/
aDZczOGDubKpk8R2611TjUUd
ZluoZhcpSczVjfLyZhEO7RkBgqgWk65xRMZ5BsC/Q
+ij1DGxzjAoYbZAOLmuTnPWG3ZxKhzXsWzHcV4O31yu2Ak9zjq0Q2FgSzO1PinjnOqMG8nQxlECPD9CaTVah
LggC3qQ34o23uqCQ3dy71Vth2Yjq5Gi31kj0tWIoYlKLlbqWhsbEic/
VMfO3AF8ulOxOfHftXL/88+1x/A1+pxt+dDtd1mS7V8kh8CGBost1yaLfTclzWdbskybk9
t9H4469FA19U40cn7sYfzvANugEa3xw4GyLVuDvdNeYtqsW2aKpFMWS7x7YZjmxRHYZkGZZm2y26h1OnmTbda1EUy/
4D6gJcIg==
2008-01-24T20:01:04 [INFO] Writing realm cookie. Realm =
urn:federation:acnoms
[VERBOSE] Sign In Response Dump
--------------------
wcontext = https://omsos2.acnos.com/OpenScape/Portals/ntlm/default.aspx
wresult to follow
XML Data Follows
----------------
<wst:RequestSecurityTokenResponse xmlns:wst="http://
schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestedSecurityToken>
<saml:Assertion AssertionID="_7dcfc6c5-a597-4362-
bf7d-6c52c208afc5" IssueInstant="2008-01-24T20:01:04Z"
Issuer="urn:federation:acnos" MajorVersion="1" MinorVersion="1"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2008-01-24T20:01:04Z"
NotOnOrAfter="2008-01-24T21:01:04Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>https://omsos2.acnos.com/OpenScape/Portals/
ntlm/</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:Advice>
<adfs:WindowsIdentifiers
xmlns:adfs="urn:microsoft:federation">BAAAAAEAAAABBAAAAAAABRUAAACyGq1T5bvIYSin7akBAAAAgwQAAA==</
adfs:WindowsIdentifiers>
<adfs:ClaimSource
xmlns:adfs="urn:microsoft:federation">urn:federation:acnoms</
adfs:ClaimSource>
<adfs:CookieInfoHash
xmlns:adfs="urn:microsoft:federation">ljeEbsx9VRTf8Yq1mqT+6J9vEyg=</
adfs:CookieInfoHash>
</saml:Advice>
<saml:AuthenticationStatement
AuthenticationInstant="2008-01-24T20:06:02Z"
AuthenticationMethod="urn:federation:authentication:windows">
<saml:Subject>
<saml:NameIdentifier Format="http://schemas.xmlsoap.org/
claims/UPN">joann.carter@xxxxxxxxxx</saml:NameIdentifier>
</saml:Subject>
</saml:AuthenticationStatement>
<saml:AttributeStatement>
<saml:Subject>
<saml:NameIdentifier Format="http://schemas.xmlsoap.org/
claims/UPN">joann.carter@xxxxxxxxxx</saml:NameIdentifier>
</saml:Subject>
<saml:Attribute AttributeName="Group"
AttributeNamespace="http://schemas.xmlsoap.org/claims";>
<saml:AttributeValue>TokenAppClaim</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#rsa-sha1" />
<Reference URI="#_7dcfc6c5-a597-4362-bf7d-6c52c208afc5">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/
xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-
c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>j2NOl/bcyULsMDqBMqXLiCumWBc=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>m+MWp9gERZKW+UMKm+Oxvk3AaFB99Td/
PvgRqNLwQgNqFlTc4re4Jp3DkNi3tDncc5C+7Ue
+og9JmeckHrqoo1byux1Jcg5PG7NWNxygLHYdF
iWYggO6zQfnIc2L74UbJbBI1exARq+rC6BysE4JALtdsN5psnAQWGgt0mlwVUs=</
SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIEEDCCAvigAwIBAgIKFq1/8AAAAAAANzANBgkqhkiG9w0BAQUFADAUMRIwEAYDVQQDEwlhY25vc2NhczEwHhcNMDcwMTExMTkyNzU4WhcN
MTAwODMxMTcxODU4WjAxMQswCQYDVQQIEwJOSjEiMCAGA1UEAxMZRmVkZXJhdGlvbiBTZXJ2ZXIgT01TRlMzMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw
MUFxHdmmlcv4gzurbEfXVtEzJgV2tDUXeZuJnQR5UDwLHsUNmPbQ8zNYDg5bSHD3QIuqIO7LK53ZzS0PZOplVmRLKMXtnekqCMYZWL5HOkYrPACvG6tN/
vdtsvtEU
YBVpPN+0nOS95h
+96wuQjujRLbRJ9VyfXd2dp9A9RTTtsCAwEAAaOCAckwggHFMA4GA1UdDwEB/
wQEAwIE8DBEBgkqhkiG9w0BCQ8ENzA1MA4GCCqGSIb3DQMCAgI
AgDAOBggqhkiG9w0DBAICAIAwBwYFKw4DAgcwCgYIKoZIhvcNAwcwHQYDVR0OBBYEFPTykEhpm1y2DvIdYIiQRBYgHjEpMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggr
BgEFBQcDAgYIKwYBBQUHAwMwHwYDVR0jBBgwFoAUUyTgixEvIj5VFFp4G43INs4jexYwaQYDVR0fBGIwYDBeoFygWoYqaHR0cDovL29tc2xjc2FwMzEvQ2VydEVuc
m9sbC9hY25vc2NhczEuY3JshixmaWxlOi8vXFxvbXNsY3NhcDMxXENlcnRFbnJvbGxcYWNub3NjYXMxLmNybDCBmAYIKwYBBQUHAQEEgYswgYgwQQYIKwYBBQUHMA
KGNWh0dHA6Ly9vbXNsY3NhcDMxL0NlcnRFbnJvbGwvb21zbGNzYXAzMV9hY25vc2NhczEuY3J0MEMGCCsGAQUFBzAChjdmaWxlOi8vXFxvbXNsY3NhcDMxXENlcnR
FbnJvbGxcb21zbGNzYXAzMV9hY25vc2NhczEuY3J0MA0GCSqGSIb3DQEBBQUAA4IBAQCsTd/
bBNZ0ExdNMoZg75uZi9WulmhvD/aDvLs6uQPSSlv34TqXR+sKa6uA
57anvwu2R0ydz1KM2AVTbt4ZeWKTlCvnfGw8itqomkSgWzLvZKwXy7x2iebQgcma94ST04DL4oFX5IDrvVKB9T3UkFWn5O4atLMtISsdxhQ9s6MZwrZcloqEbfJRk
UKlilksG/GMiVVbzrALOc03C2kmneTQFqnvclfsaAY1Kuzk/a3OE/
QS8YcujxABaZXd6AyI8BxoITU/
4jz1Dk4qO1FS3oGIAnsTVeKKXlRECCchraABqaVj1ouVjd
1PvaaoVbuNmWRw5yU51/FwDYdhEGTfYmVX</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/
policy">
<wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/
2004/08/addressing">
<wsa:Address>https://omsos2.acnos.com/OpenScape/Portals/ntlm/</
wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</wst:RequestSecurityTokenResponse>
----------------
2008-01-24T20:01:04 [VERBOSE] Generated cleanup cookie with 1 entries
2008-01-24T20:01:04 [COOKIE] WRITING (/adfs/ls/) - _LSCleanup=2008-01-
24:20:01:04Zahttps://omsos2.acnos.com/OpenScape/Portals/ntlm/
2008-01-24T20:01:04 [INFO] Posting response to
https://omsos2.acnos.com/OpenScape/Portals/ntlm/.
-------------------------------------------------------------------------------
---------------------------------------------------------------------------------
--------------------------------------------------------------------------------------
--------------------ADFS web
server-------------------------------------
--------------------------------------------------------------------------
-----------------------------------------------------------------------------
684.9124> WsExt-Trace: Jan 24 08 20:00:46 HttpExtensionProc : ENTER
684.9124> WsExt-Trace: Jan 24 08 20:00:46 GetCustomHeader: returning
TRUE. Found custom header: TRUE
684.9124> WsExt-Trace: Jan 24 08 20:00:46 IsClientFormsCapable: User
agent is Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
684.9124> WsExt-Trace: Jan 24 08 20:00:46 IsClientFormsCapable: Found
browser user agent -- forms capable.
684.9124> WsExt-Trace: Jan 24 08 20:00:46 GetServerPort: returning 0.
684.9124> WsExt-Trace: Jan 24 08 20:00:46 GetCanonicalizedUrl:
returning TRUE.
.684.9124> WsExt-Trace: Jan 24 08 20:00:46 IsClientAnOfficeApp: Url
has not been munged.
684.9124> WsExt-Trace: Jan 24 08 20:00:46 IsClientAnOfficeApp:
returning TRUE. UseTTP = FALSE
.684.9124> WsExt-Trace: Jan 24 08 20:00:46 CheckForAuthData : ENTER
684.9124> WsExt-Trace: Jan 24 08 20:00:46 CheckForAuthData: GET
Request Method
684.9124> WsExt-Trace: Jan 24 08 20:00:46 CheckForAuthData : This GET
is not a signin message. Passing the request through.
684.9124> WsExt-Trace: Jan 24 08 20:00:46 GetCookieInfo: Enter
684.9124> WsExt-Trace: Jan 24 08 20:00:46 GetCookieInfo: Cookie md
value - (/OpenScape/Portals/ntlm)
684.9124> WsExt-Trace: Jan 24 08 20:00:46 GetCookieInfo: Enter
684.9124> WsExt-Trace: Jan 24 08 20:00:46 GetCookieInfo: Cookie md
value - ( )
684.9124> WsExt-Warn: Jan 24 08 20:00:46 WebSSOExtensionProc: WARNING
Cookie domain is blank.
684.9124> WsExt-Trace: Jan 24 08 20:00:46 CheckForWebSSOCookie : ENTER
684.9124> WsExt-Trace: Jan 24 08 20:00:46 CheckForWebSSOCookie : No
auth cookie found
684.9124> WsExt-Trace: Jan 24 08 20:00:46 WebSSOExtensionProc : Using
the special header from the filter for the final URL.
684.9124> WsExt-Trace: Jan 24 08 20:00:46 Redirecting to the Logon
Server : LS URL - https://omsfs31.acnos.com/adfs/ls/
684.9124> WsExt-Trace: Jan 24 08
20:00:46 Final URL -
https://omsos2.acnos.com/OpenScape/Portals/ntlm/default.aspx
684.9124> WsExt-Trace: Jan 24 08
20:00:46 Home Realm -
urn:federation:acnoms
684.9124> WsExt-Trace: Jan 24 08 20:00:46 GetReturnUrl: Return Url -
https://omsos2.acnos.com/OpenScape/Portals/ntlm/
684.9124> WsExt-Trace: Jan 24 08 20:00:46 RedirectToLogonServer :
ENTER
684.9124> WsFilt-Warn: Jan 24 08 20:00:46 OnSendResponse: GetHeader
xADFSUserNameHdr: failed with 1413. Extension may not be
configured or user may be Anonymous user. Continuing without setting
cs-username.
684.9124> WsFilt-Trace: Jan 24 08 20:00:46 OnSendResponse: returning
0. Username - NULL.
684.9124> WsFilt-Trace: Jan 24 08 20:01:05 GetServerPort: returning 0.
684.9124> WsFilt-Trace: Jan 24 08 20:01:05 SetWebSsoAuthHeader:
returning 0.
684.9124> WsFilt-Trace: Jan 24 08 20:01:05 SetFilterCtxHeader:
returning 0.
684.9124> WsFilt-Trace: Jan 24 08 20:01:05 OnPreProcHeaders: returning
0.
684.3752> WsExt-Trace: Jan 24 08 20:01:05 HttpExtensionProc : ENTER
684.3752> WsExt-Trace: Jan 24 08 20:01:05 GetCustomHeader: returning
TRUE. Found custom header: TRUE
684.3752> WsExt-Trace: Jan 24 08 20:01:05 IsClientFormsCapable: User
agent is Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
684.3752> WsExt-Trace: Jan 24 08 20:01:05 IsClientFormsCapable: Found
browser user agent -- forms capable.
684.3752> WsExt-Trace: Jan 24 08 20:01:05 GetServerPort: returning 0.
684.3752> WsExt-Trace: Jan 24 08 20:01:05 GetCanonicalizedUrl:
returning TRUE.
.684.3752> WsExt-Trace: Jan 24 08 20:01:05 IsClientAnOfficeApp: Url
has not been munged.
684.3752> WsExt-Trace: Jan 24 08 20:01:05 IsClientAnOfficeApp:
returning TRUE. UseTTP = FALSE
.684.3752> WsExt-Trace: Jan 24 08 20:01:05 CheckForAuthData : ENTER
684.3752> WsExt-Trace: Jan 24 08 20:01:05 CheckForAuthData : POST
Request Method - 5246
684.3752> WsExt-Trace: Jan 24 08 20:01:05 CheckContentType: Content
Type = application/x-www-form-urlencoded.
684.3752> WsExt-Trace: Jan 24 08 20:01:05 CheckContentType: returning
0. fIsUrlEncoded = TRUE.
684.3752> WsExt-Trace: Jan 24 08 20:01:05 UrlDecode: returning TRUE.
684.3752> WsExt-Trace: Jan 24 08 20:01:05 CheckForAuthData : POST -
received SignInResponse
684.3752> WsExt-Trace: Jan 24 08 20:01:06 GetCookieInfo: Enter
684.3752> WsExt-Trace: Jan 24 08 20:01:06 GetCookieInfo: Cookie md
value - (/OpenScape/Portals/ntlm)
684.3752> WsExt-Trace: Jan 24 08 20:01:06 GetCookieInfo: Enter
684.3752> WsExt-Trace: Jan 24 08 20:01:06 GetCookieInfo: Cookie md
value - ( )
684.3752> WsExt-Warn: Jan 24 08 20:01:06 WebSSOExtensionProc: WARNING
Cookie domain is blank.
684.3752> WsExt-Trace: Jan 24 08 20:01:06 WebSSOExtensionProc : Auth
token was authenticated - will now redirect to final URL
with cookie
684.3752> WsExt-Trace: Jan 24 08 20:01:06 Redirecting to original Url
684.3752> WsExt-Trace: Jan 24 08 20:01:06 Final Url :
https://omsos2.acnos.com/OpenScape/Portals/ntlm/default.aspx
684.3752> WsExt-Trace: Jan 24 08 20:01:06 Cookie Path : /OpenScape/
Portals/ntlm
684.3752> WsExt-Trace: Jan 24 08 20:01:06 Cookie Domain : (null)
684.3752> WsExt-Trace: Jan 24 08 20:01:06 WriteCookies: Enter
684.3752> WsFilt-Warn: Jan 24 08 20:01:06 OnSendResponse: GetHeader
xADFSUserNameHdr: failed with 1413. Extension may not be
configured or user may be Anonymous user. Continuing without setting
cs-username.
684.3752> WsFilt-Trace: Jan 24 08 20:01:06 OnSendResponse: returning
0. Username - NULL.
684.9124> WsFilt-Trace: Jan 24 08 20:01:06 GetServerPort: returning 0.
684.9124> WsFilt-Trace: Jan 24 08 20:01:06 SetWebSsoAuthHeader:
returning 0.
684.9124> WsFilt-Trace: Jan 24 08 20:01:06 SetFilterCtxHeader:
returning 0.
684.9124> WsFilt-Trace: Jan 24 08 20:01:06 OnPreProcHeaders: returning
0.
684.9124> WsExt-Trace: Jan 24 08 20:01:06 HttpExtensionProc : ENTER
684.9124> WsExt-Trace: Jan 24 08 20:01:06 GetCustomHeader: returning
TRUE. Found custom header: TRUE
684.9124> WsExt-Trace: Jan 24 08 20:01:06 IsClientFormsCapable: User
agent is Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
684.9124> WsExt-Trace: Jan 24 08 20:01:06 IsClientFormsCapable: Found
browser user agent -- forms capable.
684.9124> WsExt-Trace: Jan 24 08 20:01:06 GetServerPort: returning 0.
684.9124> WsExt-Trace: Jan 24 08 20:01:06 GetCanonicalizedUrl:
returning TRUE.
.684.9124> WsExt-Trace: Jan 24 08 20:01:06 IsClientAnOfficeApp: Url
has not been munged.
684.9124> WsExt-Trace: Jan 24 08 20:01:06 IsClientAnOfficeApp:
returning TRUE. UseTTP = FALSE
.684.9124> WsExt-Trace: Jan 24 08 20:01:06 CheckForAuthData : ENTER
684.9124> WsExt-Trace: Jan 24 08 20:01:06 CheckForAuthData: GET
Request Method
684.9124> WsExt-Trace: Jan 24 08 20:01:06 CheckForAuthData : This GET
is not a signin message. Passing the request through.
684.9124> WsExt-Trace: Jan 24 08 20:01:06 GetCookieInfo: Enter
684.9124> WsExt-Trace: Jan 24 08 20:01:06 GetCookieInfo: Cookie md
value - (/OpenScape/Portals/ntlm)
684.9124> WsExt-Trace: Jan 24 08 20:01:06 GetCookieInfo: Enter
684.9124> WsExt-Trace: Jan 24 08 20:01:06 GetCookieInfo: Cookie md
value - ( )
684.9124> WsExt-Warn: Jan 24 08 20:01:06 WebSSOExtensionProc: WARNING
Cookie domain is blank.
684.9124> WsExt-Trace: Jan 24 08 20:01:06 CheckForWebSSOCookie : ENTER
684.9124> WsExt-Trace: Jan 24 08 20:01:06 CheckForWebSSOCookie : Found
auth cookie
684.9124> WsExt-Trace: Jan 24 08 20:01:06
WsExtCookieCacheLookupAndDuplicateToken: Cache lookup time = 0 ms
684.9124> WsExt-Trace: Jan 24 08 20:01:06 CheckForS4UCookie : Try and
authenticate cookie
684.9124> WsExt-Trace: Jan 24 08 20:01:06 AuthenticateWebSSOToken :
ENTER
684.9124> WsExt-Trace: Jan 24 08 20:01:07 AuthenticateWebSSOToken :
VerifyToken Succeeded - AD8
684.9124> WsExt-Trace: Jan 24 08 20:01:07 New cache entry (7654
bytes); Current cache size = 2 elements
684.9124> WsExt-Trace: Jan 24 08 20:01:07 Cache insertion time = 0 ms
684.9124> WsExt-Trace: Jan 24 08 20:01:07 CheckForWebSSOCookie :
SUCCESS
684.9124> WsExt-Trace: Jan 24 08 20:01:07 Found cookie and have a
token - ad8.
684.9124> WsExt-Trace: Jan 24 08 20:01:07 CallExecUrl: Enter.
684.9124> WsUtils-Trace: WsGetAccountName: returning 0. User Name:
urn:federation:acnoms\joann.carter@xxxxxxxxxx
684.9124> WsUtils-Trace: WsSetUserNameHeader: returning 0.
684.3752> WsFilt-Trace: Jan 24 08 20:01:07 GetServerPort: returning 0.
684.3752> WsFilt-Trace: Jan 24 08 20:01:07 SetWebSsoAuthHeader:
returning 0.
684.3752> WsFilt-Trace: Jan 24 08 20:01:07 SetFilterCtxHeader:
returning 0.
684.3752> WsFilt-Trace: Jan 24 08 20:01:07 OnPreProcHeaders: returning
0.
684.10612> WsFilt-Warn: Jan 24 08 20:01:07 OnSendResponse: GetHeader
xADFSUserNameHdr: failed with 1413. Extension may not be
configured or user may be Anonymous user. Continuing without setting
cs-username.
684.10612> WsFilt-Trace: Jan 24 08 20:01:07 OnSendResponse: returning
0. Username - NULL.
684.3752> WsFilt-Trace: Jan 24 08 20:01:07 GetServerPort: returning 0.
684.3752> WsFilt-Trace: Jan 24 08 20:01:07 SetWebSsoAuthHeader:
returning 0.
684.3752> WsFilt-Trace: Jan 24 08 20:01:07 SetFilterCtxHeader:
returning 0.
684.3752> WsFilt-Trace: Jan 24 08 20:01:07 OnPreProcHeaders: returning
0.
684.10612> WsFilt-Warn: Jan 24 08 20:01:07 OnSendResponse: GetHeader
xADFSUserNameHdr: failed with 1413. Extension may not be
configured or user may be Anonymous user. Continuing without setting
cs-username.
684.10612> WsFilt-Trace: Jan 24 08 20:01:07 OnSendResponse: returning
0. Username - NULL.
684.3664> WsFilt-Trace: Jan 24 08 20:01:07 OnSendResponse: returning
0. Username -
urn:federation:acnoms\joann.carter@xxxxxxxxxxx
684.3752> WsFilt-Trace: Jan 24 08 20:01:07 OnLog: Username set -
urn:federation:acnoms\joann.carter@xxxxxxxxxxx
684.3752> WsFilt-Trace: Jan 24 08 20:01:07 GetServerPort: returning 0.
684.3752> WsFilt-Trace: Jan 24 08 20:01:07 SetWebSsoAuthHeader:
returning 0.
684.3752> WsFilt-Trace: Jan 24 08 20:01:07 SetFilterCtxHeader:
returning 0.
684.3752> WsFilt-Trace: Jan 24 08 20:01:07 OnPreProcHeaders: returning
0.
---------------------------------------------------------------------------------
---------------------------------------------------------------------------------
-------------------------------------------------------------------------------
.
- Follow-Ups:
- References:
- Prev by Date: Re: Group Scope question relating to group nesting
- Next by Date: Re: Server Crash when adding.
- Previous by thread: ADFS Web Server retrieving incorrect User name from ADFS resource server
- Next by thread: Re: ADFS Web Server retrieving incorrect User name from ADFS resource server
- Index(es):
Relevant Pages
|
