Compatibility ADFS 2.0 with ADFS 2.1 proxy server

Hi,
I'll install an ADFS proxy server to support an internal ADFS (Server 2008 R2) environment.
Because of the huge differences between ADFS on Server 2008 R2 and 2012 R2, I'll install the proxy server on a 2012 server (not R2).
Are there any known things to keep in mind when using a config like this?
My preferred option would be to use 2008 R2 for the proxy too, but it's quite EOL.

I am not 100% sure what you are doing. But let me be extremely explicit: use a proxy of the same OS and ADFS version as the ADFS server. Make sure they have the same patches etc. Do not mix the versions.
There are too many subtle differences (if the mix works at all). If you don't want to use 2012 R2 then use both ADFS and its proxy on 2012.
Paul Lemmers
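
Added example, not part of the thread above: a PowerShell check that compares the OS version, the version of the AD FS service binary and the installed hotfix list of a federation server and its proxy, so that the version or patch mismatch the reply warns about is visible before the proxy goes live. The host names are placeholders, the service name `adfssrv` and the way its executable path is read are assumptions, and the script needs remote WMI access to both hosts.

```powershell
# Added example (not from the thread). Reports OS version, AD FS service
# binary version and installed hotfixes for one host.
function Get-HostPatchState {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName

    # Installed hotfixes as a sorted, de-duplicated list of KB ids.
    $hotfixes = @(Get-HotFix -ComputerName $ComputerName |
        ForEach-Object { $_.HotFixID } | Sort-Object -Unique)

    # Version of the AD FS service executable (assumed service name 'adfssrv').
    # A proxy-only host may not run this service, so tolerate its absence.
    $adfsVersion = 'service not found'
    $svc = Get-WmiObject -Class Win32_Service -ComputerName $ComputerName -Filter "Name='adfssrv'"
    if ($svc -ne $null -and $svc.PathName -match '^"?(?<exe>[^"]+?\.exe)') {
        $exe = $matches['exe']
        # Turn C:\dir\file.exe into \\host\C$\dir\file.exe to read the version remotely.
        $remotePath = '\\' + $ComputerName + '\' + $exe.Substring(0, 1) + '$' + $exe.Substring(2)
        $item = Get-Item -Path $remotePath -ErrorAction SilentlyContinue
        if ($item -ne $null) { $adfsVersion = $item.VersionInfo.FileVersion }
    }

    New-Object PSObject -Property @{
        ComputerName = $ComputerName
        OsCaption    = $os.Caption
        OsVersion    = $os.Version
        AdfsVersion  = $adfsVersion
        HotFixIDs    = $hotfixes
    }
}

# Compares two results of Get-HostPatchState. Done with -notcontains rather
# than Compare-Object so that an empty hotfix list on either side is harmless.
function Compare-AdfsPatchState {
    param($FederationServer, $Proxy)

    $onlyOnServer = @()
    $onlyOnProxy  = @()
    foreach ($id in $FederationServer.HotFixIDs) {
        if ($Proxy.HotFixIDs -notcontains $id) { $onlyOnServer += $id }
    }
    foreach ($id in $Proxy.HotFixIDs) {
        if ($FederationServer.HotFixIDs -notcontains $id) { $onlyOnProxy += $id }
    }

    $sameOs   = ($FederationServer.OsVersion -eq $Proxy.OsVersion)
    $sameAdfs = ($FederationServer.AdfsVersion -eq $Proxy.AdfsVersion)
    New-Object PSObject -Property @{
        SameOsVersion   = $sameOs
        SameAdfsVersion = $sameAdfs
        OnlyOnServer    = $onlyOnServer
        OnlyOnProxy     = $onlyOnProxy
        InSync          = ($sameOs -and $sameAdfs -and $onlyOnServer.Count -eq 0 -and $onlyOnProxy.Count -eq 0)
    }
}

# Usage with placeholder host names.
$server = Get-HostPatchState -ComputerName 'adfs01.corp.example'       # placeholder
$proxy  = Get-HostPatchState -ComputerName 'adfsproxy01.corp.example'  # placeholder
$server, $proxy | Format-Table ComputerName, OsCaption, OsVersion, AdfsVersion -AutoSize
Compare-AdfsPatchState -FederationServer $server -Proxy $proxy | Format-List
```

The hotfix comparison is by KB id only; a superseding update on one host will show up as a difference rather than as equivalence, so treat OnlyOnServer and OnlyOnProxy as a list to review, not as a verdict. The script avoids PowerShell 3.0 syntax so that it also runs on a 2008 R2 host with PowerShell 2.0.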

Similar Messages

  • Unable to run ADF Project Using with Jdev 10 and Weblogic server 9.2

    Dear All,
    I am unable to run an ADF project on WebLogic Server 9.2. I created a sample project with ADF controls. When we created the JSP, I selected the ADF libraries. After creating the WAR file, I deploy this WAR to the server. At that time I get a java.lang.noclassfound error.
    So please tell me how we can run these applications.
    Regards,
    Suresh.V

    Hard to help you here. JDev 10 used to work with OAS 10g as application server. This does not mean that you can't use WebLogic 9.2, but because it is not the default configuration you may have some problems doing this.
    One problem is that you need to install the ADF runtime libraries in the WLS 9.2 server, but there is no installer I know of. You can try to deploy the needed libraries together with your app, but you have to figure out which libraries you need.
    The next thing is that you should deploy an EAR instead of a WAR.
    Timo

  • Little help please with forwarding traffic to proxy server!

    Hi all, a little help please with this error message.
    I got this when I ran my code and requested only the home page of Google at my client side!!
    GET / HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
    Accept-Language: en-us
    UA-CPU: x86
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727)
    Host: www.google.com
    Connection: Keep-Alive
    Cookie: PREF=ID=a21457942a93fc67:TB=2:TM=1212883502:LM=1213187620:GM=1:S=H1BYeDQt9622ONKF
    HTTP/1.0 200 OK
    Cache-Control: private, max-age=0
    Date: Fri, 20 Jun 2008 22:43:15 GMT
    Expires: -1
    Content-Type: text/html; charset=UTF-8
    Content-Encoding: gzip
    Server: gws
    Content-Length: 2649
    X-Cache: MISS from linux-e6p8
    X-Cache-Lookup: MISS from linux-e6p8:3128
    Via: 1.0
    Connection: keep-alive
    GET /8SE/11?MI=32d919696b43409cb90ec369fe7aab75&LV=3.1.0.146&AG=T14050&IS=0000&TE=1&TV=tmen-us%7Cts20080620224324%7Crf0%7Csq38%7Cwi133526%7Ceuhttp%3A%2F%2Fwww.google.com%2F HTTP/1.1
    User-Agent: MSN_SL/3.1 Microsoft-Windows/5.1
    Host: g.ceipmsn.com
    HTTP/1.0 403 Forbidden
    Server: squid/2.6.STABLE5
    Date: Sat, 21 Jun 2008 01:46:26 GMT
    Content-Type: text/html
    Content-Length: 1066
    Expires: Sat, 21 Jun 2008 01:46:26 GMT
    X-Squid-Error: ERR_ACCESS_DENIED 0
    X-Cache: MISS from linux-e6p8
    X-Cache-Lookup: NONE from linux-e6p8:3128
    Via: 1.0
    Connection: close
    java.net.SocketException: Broken pipe // this is the error message
    at java.net.SocketOutputStream.socketWrite0(Native Method)
    at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
    at java.net.SocketOutputStream.write(SocketOutputStream.java:115)
    at java.io.DataOutputStream.writeBytes(DataOutputStream.java:259)
    at SimpleHttpHandler.run(Test77.java:61)
    at java.lang.Thread.run(Thread.java:595)
    at Test77.main(Test77.java:13)

    Please could you just tell me what is wrong with my code! This is the last idea in my G.P. and I am having difficulties with it because this is the first time I'm dealing with Java :( The purpose of my code is to forward the HTTP traffic from the client to the Squid server (proxy server) and then forward the response from the Squid server to the clients!
    Thanks a lot,
    this is my code:
    import java.io.*;
    import java.net.*;

    public class Test7 {
        public static void main(String[] args) {
            try {
                ServerSocket serverSocket = new ServerSocket(1416);
                while (true) {
                    System.out.println("Waiting for request");
                    Socket socket = serverSocket.accept();
                    // start() runs the handler on its own thread; run() would execute it
                    // on the accept thread. The handler closes the client socket itself.
                    new Thread(new SimpleHttpHandler(socket)).start();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    class SimpleHttpHandler implements Runnable {
        private final static String CLRF = "\r\n"; // HTTP header lines end in CR LF
        private Socket client;
        private DataOutputStream writer;
        private DataOutputStream writer2;
        private BufferedReader reader;
        private BufferedReader reader2;

        public SimpleHttpHandler(Socket client) {
            this.client = client;
        }

        public void run() {
            try {
                this.reader = new BufferedReader(new InputStreamReader(this.client.getInputStream()));
                InetAddress ipp = InetAddress.getByName("192.168.6.29"); // my squid server
                System.out.println(ipp);
                Socket ss = new Socket(ipp, 3128);
                // Relay the client's request header block to Squid ...
                this.writer = new DataOutputStream(ss.getOutputStream());
                writer.writeBytes(this.read());
                // ... and Squid's response header block back to the client. Only the
                // headers are relayed: read2() stops at the blank line, so the response
                // body never reaches the client, and a keep-alive client that sends a
                // second request on the same connection hits the closed socket.
                this.reader2 = new BufferedReader(new InputStreamReader(ss.getInputStream()));
                this.writer2 = new DataOutputStream(this.client.getOutputStream());
                writer2.writeBytes(this.read2());
                this.writer2.close();
                this.writer.close();
                this.reader.close();
                this.reader2.close();
                this.client.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        // Reads one header block from the client, up to and including the blank line.
        private String read() throws IOException {
            String in;
            StringBuffer buffer = new StringBuffer();
            while ((in = this.reader.readLine()) != null && !in.trim().equals("")) {
                buffer.append(in + CLRF);
            }
            buffer.append(CLRF); // blank line that terminates the header block
            System.out.println(buffer.toString());
            return buffer.toString();
        }

        // Same for the response header block coming back from Squid.
        private String read2() throws IOException {
            String in;
            StringBuffer buffer = new StringBuffer();
            while ((in = this.reader2.readLine()) != null && !in.trim().equals("")) {
                buffer.append(in + CLRF);
            }
            buffer.append(CLRF);
            System.out.println(buffer.toString());
            return buffer.toString();
        }
    }
    Edited by: Tareq85 on Jun 20, 2008 5:22 PM

  • Issue with Sun Java Web Proxy Server

    I am using Sun Java Web Proxy Server to test my web service in HTTPS (SSL) mode. When I test the web service in HTTP mode it works fine, but when I test it in SSL mode it gives the following error:
    Unable to tunnel through localhost:8082. Proxy returns "HTTP/1.1 403 Proxy denies fulfilling the request"
    I am requesting the web service using the following parameters:
    a) -Dcom.yodlee.soap.services.url=https://localhost:1080/yodsoap/services
    b) -Dyodlee.sdk.https.proxyHost=localhost
    c) -Dyodlee.sdk.https.proxyPort=8082
    d) -Dcom.yodlee.soap.client.http11Enabled=1
    This last parameter is used to set the client HTTP connection to HTTP/1.1 by setting HTTP_TRANSPORT_VERSION.
    Detailed error message is as follows:
    Caused by: java.io.IOException: Unable to tunnel through localhost:8082. Proxy returns "HTTP/1.1 403 Proxy denies fulfilling the request"
         at org.apache.axis.AxisFault.makeFault(AxisFault.java:129)
         at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:131)
         at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
         at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
         at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
         at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
         at org.apache.axis.client.Call.invokeEngine(Call.java:2492)
         at org.apache.axis.client.Call.invoke(Call.java:2481)
         at org.apache.axis.client.Call.invoke(Call.java:2176)
         at org.apache.axis.client.Call.invoke(Call.java:2099)
         at org.apache.axis.client.Call.invoke(Call.java:1622)
         at com.yodlee.soap.core.login.CobrandLoginSoapBindingStub.loginCobrand(CobrandLoginSoapBindingStub.java:225)
         at com.yodlee.soap.core.login.CobrandLoginSoapClientProxy.loginCobrand(CobrandLoginSoapClientProxy.java:119)
         ... 1 more
    Caused by: java.io.IOException: Unable to tunnel through localhost:8082. Proxy returns "HTTP/1.1 403 Proxy denies fulfilling the request"
         at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:197)
         at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
         at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:114)
         ... 12 more
    This error message shows that it is not able to get the socket connection to the server. Can anyone tell me the reason for it?
    If you need any more info do let me know.
    Regards,
    Somendra

    First of all, is there a reason why you are using jRockit?
    Since the issue appeared after upgrading the windows, the issue would potentially be in the interaction between JVM and OS.
    Also, there were some issues related to memory leak that were fixed in AS 8.2.
    Maybe you should try with a Sun JVM and AS 8.2.

  • How-To Access ADF application module with ADF faces

    Sorry for the repost, but I didn't get an answer in the other thread.
    If you look at this little demo you see that you get the DCBindingContainer bc = getBindingContainer(); initialization, but my method getBindingContainer() returns null.
    What could be the problem with this? Should I make some changes in the preferences or something like that?
    I work with JDeveloper 1013
    Greetings Thijs

    Steve Muench made an example of that on his blog, here is the url for the source download: http://otn.oracle.com/products/jdev/tips/muench/accessbindingsinbackingbean/AccessAppModuleInBackingBean.zip
    There's one caveat to this technique however. #{binding} seems to be stored in requestScope and therefore can only be injected in request or none scoped managed beans.
    Regards,
    Simon Lessard

  • I just received my iPhone yesterday, and today I was reading something off of Safari and received "error: there was a problem communicating with the secure web proxy server (HTTPS)". Now I get this whenever I try opening any of my apps. Even my Facebook app

    I have never done this before so I do not know if I am even doing this correctly. Anyway, I cleared my history and cookies! I even deleted many apps thinking it might have been from them. I have even turned my phone off for a good thirty minutes. The last thing I did was set my network settings to default.
    I don't know what to do. Since I changed my network settings to default I turned my phone off again. I might just restore all settings to default and go from there.. and if this doesn't work, I will just return the iPhone for a different one I guess.
    this is from my IPHONE4s

    Attached is Dennis Linam’s Audition – “Log File” and “Log – Last File”
    Contact information Dennis [email protected]
    Previous contact information with your organization (DURIM):
    Dennis - i just finished my audition trial and bought the subscription the 2014 version.
    created by durin in Audition CS5.5, CS6 & CC - View the full discussion 
    DURIM - Okay.  I would expect the "Cache Warning" message because your default directories would not be the same as the ones in the settings file I generated.
    If you go back to the "7.0" directory and open the "Logs" folder, can you copy the "Audition Log.txt" file and send it as an attachment to [email protected]?  We'll take a look in that logfile and see if it gives us more information about why this is failing now.
    Also, do you have any other Adobe applications installed on this machine, such as Premiere Pro?  If so, do they launch as expected or fail as well?
    I do have the trial Pro version of Adobe reader, but I have not activated it, because I fear the same thing will happen did it. I cannot afford to activate the subscription for that product and take the chance of it not working either. I depend on those two programs religiously. Here is the files that you requested. I appreciate any help you can give me to get this audition program started
    Audition Log- file
    Ticks = 16       C:\Program Files (x86)\Common Files\Adobe\dynamiclink\7.0\dynamiclinkmanager.exe
    Sent from Windows Mail

  • WSA Deployment with existing MS TMG Proxy Server

    Hello,
    I am interested in whether it is possible to deploy WSA in front of the MS TMG server. So from the user's perspective, first will be the TMG server and second will be the WSA: USER LAN -> TMG -> WSA -> INTERNET.
    If it is possible, how will authentication be handled?

    I don't know if TMG can deal with an upstream proxy, but presumably the TMG would auth the user, then the request would be handled by the WSA, and you wouldn't require the TMG to auth to the WSA...
    I do know that the WSA can be configured to use an upstream proxy, from the menu Network > Upstream Proxy. In that case, have the users auth to the WSA and then have the TMG trust any connections from the WSA...
    Trying to do auth on both just sounds like you're looking for a world of complications...

  • I have not been able to connect to the iTunes Store via proxy server - I have upgraded to the iTunes 11.04 version - Does anyone know how to solve this problem

    I'd appreciate it if anyone could help me solve this problem.

    Open the Keychain Access in the /Applications/Utilities/ folder and create a new keychain, giving it the name login.

  • Issue with using Sun Java Proxy Server

    We are trying to access the web service using the Sun Proxy Server.
    When I access the web service through the proxy, I find the following error message in the proxy error log:
    [18/Oct/2005:19:10:40] failure ( 1288): for host 127.0.0.1 trying to POST http://localhost:1080/yodsoap/services/CobrandLogin, service-http reports: HTTP7760: error reading request body (Client closed connection)
    and the access log is as follows:
    POST http://localhost:1080/yodsoap/services/CobrandLogin HTTP/1.1" 400 147
    But when i see the WebServer access log for the same WebService POST /yodsoap/services/CobrandLogin HTTP/1.1" 200 1783 "-" "Axis/1.1RC1"
    This happens when the request for the web service is compressed. The request headers are as follows:
    POST /yodsoap/services/CobrandLogin HTTP/1.1
    Content-Type: text/xml; charset=utf-8
    Accept: application/soap+xml, application/dime, multipart/related, text/*
    User-Agent: Axis/1.1RC1
    Host: 127.0.0.1
    Cache-Control: no-cache
    Pragma: no-cache
    SOAPAction: "loginCobrand"
    Content-Length: 1412
    Connection: close
    Content-Encoding: gzip
    And the response headers are as follows:
    HTTP/1.1 200 OK
    Server: Resin/3.0.8
    Content-Type: text/xml; charset=utf-8
    Transfer-Encoding: chunked
    Date: Tue, 18 Oct 2005 13:41:50 GMT
    So we found that if we don't use the proxy server the web service works properly, but if we start using the proxy server we encounter an HTTP 400 error.
    Any ideas will help to solve this problem..???
    Thanks in advance.
    Regards,
    Somendra

    This is what I see in the error message:
    ProxyFactory initialized in SOAP_CLIENT_MODE
    System property : com.yodlee.soap.client.log4j.config not found. Using the default config resource : com.yodlee.util.soap.log4j
    ProxyFactory initialized in SOAP_CLIENT_MODE
    System property : com.yodlee.soap.client.log4j.config not found. Using the default config resource : com.yodlee.util.soap.log4j
    HTTP Header name and value is HTTP/1.1 400 Bad request
    HTTP Header name and value is Server Sun-Java-System-Web-Proxy-Server/4.0
    HTTP Header name and value is Date Tue, 18 Oct 2005 14:56:21 GMT
    HTTP Header name and value is Connection close
    com.yodlee.core.CoreRemoteException: org.xml.sax.SAXException: Bad envelope tag: HTML
         at com.yodlee.soap.core.login.CobrandLoginSoapClientProxy.loginCobrand(CobrandLoginSoapClientProxy.java:132)
         at SoapClient.main(SoapClient.java:45)
    Caused by: org.xml.sax.SAXException: Bad envelope tag: HTML
         at org.apache.axis.AxisFault.makeFault(AxisFault.java:129)
         at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:543)
         at org.apache.axis.Message.getSOAPEnvelope(Message.java:376)
         at org.apache.axis.client.Call.invokeEngine(Call.java:2511)
         at org.apache.axis.client.Call.invoke(Call.java:2481)
         at org.apache.axis.client.Call.invoke(Call.java:2176)
         at org.apache.axis.client.Call.invoke(Call.java:2099)
         at org.apache.axis.client.Call.invoke(Call.java:1622)
         at com.yodlee.soap.core.login.CobrandLoginSoapBindingStub.loginCobrand(CobrandLoginSoapBindingStub.java:225)
         at com.yodlee.soap.core.login.CobrandLoginSoapClientProxy.loginCobrand(CobrandLoginSoapClientProxy.java:119)
         ... 1 more
    Caused by: org.xml.sax.SAXException: Bad envelope tag: HTML
         at org.apache.axis.message.EnvelopeBuilder.startElement(EnvelopeBuilder.java:107)
         at org.apache.axis.encoding.DeserializationContextImpl.startElement(DeserializationContextImpl.java:934)
         at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1635)
         at org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:634)
         at org.apache.crimson.parser.Parser2.parse(Parser2.java:333)
         at org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:448)
         at javax.xml.parsers.SAXParser.parse(SAXParser.java:345)
         at org.apache.axis.encoding.DeserializationContextImpl.parse(DeserializationContextImpl.java:230)
         at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:538)
         ... 9 more

  • Any date for jdeveloper 10.1.3 beta with adf features

    Hi Jdeveloper team,
    Is there any date we can expect the next JDeveloper 10.1.3 beta with more complete ADF features? I'm currently evaluating the technology stack + tool to use for our next project (preferably JSF based); the lack of an ADF Faces release with ADF data binding and ADF BC features means I can't do a complete evaluation of 10.1.3 now.
    Regards,
    Low

    Low,
    we don't have a date for a preview release of Oracle JDeveloper 10.1.3 with ADF. Our intention is to release a preview version on OTN as soon as possible and if possible.
    Frank

  • Software compatibility About ORACLE BC and ADF 11g with Sybase Database

    I am using JDeveloper 11g xxx.0.2, and our company is using Sybase 12.x ASE. Our team chose JDeveloper 11g and BC with ADF as our architecture. But over about 2 months we found that the bugs (just with the Sybase DB server) became more and more; strangely, the dialects we can choose do not include Sybase (they have Oracle, SQL Server, DB2, SQL92 and others), so we now have only one way -- to choose SQL92. But many bugs or other problems come out, and sometimes we even have to write lots of code to realise a very, very simple function. Is that all because there's no Sybase dialect, or, I guess, no SQL builder for the Sybase database? Can someone explain why, or help me get through the trouble? We need your help!!!!!!

    Thanks for the reply. We cannot change our tech now, so could you please show me a way? Should I extend baseSqlBuilderImpl and override some important methods there to generate SQL suitable for Sybase?
    I have overridden the SQL generation method and the LOV bug was fixed (the bug is that it recognizes an int var as a string var and uses LIKE instead of =), but we still can't fix view criteria: the default declarative view criteria cannot run most of the time, and I don't know why. Can the ADF support team do an enhancement for Sybase? Thanks a lot
    Edited by: Roger Liu on Oct 29, 2009 6:10 AM

  • Configuring WL 10.3.5 with ADF 10.1.3.4 and 11.1.1.5

    Hi all,
    I am quite new to WebLogic and trying to learn it by reading the documentation available online. I need to create two domains (WebLogic 10.3.5), one with ADF 10.1.3.4 and the other with 11.1.1.5.
    If anyone has an idea, please do reply. Please also write about any compatibility or other issues.
    Thx-
    rakesh

    The link was provided for some understanding of multiple domains..
    This link will provide you some information about extending your WebLogic standalone environment with ADF runtime libraries:
    http://blog.whitehorses.nl/2010/01/06/extending-your-weblogic-standalone-environment-with-adf-runtime-libraries/
    ADF 10 on WebLogic 10.3:
    http://blog.fekw.de/2008/08/23/howto-install-adf-10-runtime-and-deploy-adf-bc-app-to-oracle-weblogic-103-running-on-linux/
    The runtime libraries can be installed from a standalone installer:
    http://www.oracle.com/technetwork/developer-tools/adf/downloads/index.html
    http://www.oracle.com/technetwork/developer-tools/jdev/adf-runtime-update-howto-089262.html
    You can check this also:
    ADF Runtime 11.1.2 with Weblogic 10.3.5 Unresolved Webapp Library reference

  • Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

    I would love some help with this issue. I have configured my SharePoint Foundation 2010 site to use claims-based auth with the certificate authentication method with ADFS 2.0. I have a test account set up with lab.acme.com to use the ACS.
    When I log into my site using Windows auth, everything is great. However, when I log in and select my ACS token issuer, I get sent to the logon page of the ADFS after selecting the ADFS method. My browser prompts me for which certificate identity I want to use to log in, and after 3-5 seconds it returns me to the logon page with the error message "Authentication failed".
    I based my setup on the TechNet article
    http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
    I validated that all my certificates are valid and able to retrieve the CRL.
    I got event log ID 300:
    The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
    Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
    Additional Data
    Exception details:
    Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
    ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
    correctly, but one of the CA certificates is not trusted by the policy provider.
    at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
    --- End of inner exception stack trace ---
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
    at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
    serializationContext, AsyncCallback asyncCallback, Object asyncState)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
    trustNamespace, AsyncCallback callback, Object state)
    System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
    failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
    at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
    thx
    Stef71

    This is perfectly correct. In my case I was not adding the root properly; you must add the CA and the ADFS as well, which is twice. You can see my results below.
    In my case it was:
    PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\cer\SP2K10\ad0001.cer")
    PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
    Certificate                 : [Subject]
                                    CN=domain.AD0001CA, DC=domain, DC=com
                                  [Issuer]
                                    CN=domain.AD0001CA, DC=portal, DC=com
                                  [Serial Number]
                                    blablabla
                                  [Not Before]
                                    22/07/2014 11:32:05
                                  [Not After]
                                    22/07/2024 11:42:00
                                  [Thumbprint]
                                    blablabla
    Name                        : domain.ad0001
    TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
    DisplayName                 : domain.ad0001
    Id                          : blablabla
    Status                      : Online
    Parent                      : SPTrustedRootAuthorityManager
    Version                     : 17164
    Properties                  : {}
    Farm                        : SPFarm Name=SharePoint_Config
    UpgradedPersistedProperties : {}
    PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\cer\SP2K10\ADFS_Signing.cer")
    PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
    Certificate                 : [Subject]
                                    CN=ADFS Signing - adfs.domain
                                  [Issuer]
                                    CN=ADFS Signing - adfs.domain
                                  [Serial Number]
                                    blablabla
                                  [Not Before]
                                    23/07/2014 07:14:03
                                  [Not After]
                                    23/07/2015 07:14:03
                                  [Thumbprint]
                                    blablabla
    Name                        : Token Signing Cert
    TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
    DisplayName                 : Token Signing Cert
    Id                          : blablabla
    Status                      : Online
    Parent                      : SPTrustedRootAuthorityManager
    Version                     : 17184
    Properties                  : {}
    Farm                        : SPFarm Name=SharePoint_Config
    UpgradedPersistedProperties : {}
    PS C:\Users\administrator.PORTAL>

  • Help required with ADFS 3.0 client certificate authentication

    Hi,
    I am currently working on integrating ADFS 3.0 for single sign-on to some 3rd party services along with a PKI solution. The basic requirement is that I should be able to choose client authentication certificate as an authentication method in ADFS and then federate user credentials to the 3rd party trust for single sign-on.
    I had done this successfully with ADFS 2.0 and that setup is working fine. I have the setup with the ADFS 3.0 client authentication method enabled. When I open the browser to log on, the ADFS 3.0 page displays the message "Select a certificate that you want to use for authentication. If you cancel the operation, please close your browser and try again." but the certificates are not displayed for selection.
    The certificates are valid and have valid chaining to the CA. Could someone help me resolve this issue?
    Thanks!
    -Chinmaya Karve

    Hi Yan,
    Thanks for your response. I have gone through the posts that you have suggested, and my setup looks pretty much as expected.
    So, as I mentioned earlier, I have 2 parallel setups with a 3rd party service (SalesForce). One of them is running ADFS 2.0 and the other one has ADFS 3.0. I can log on to the third-party services from both setups using username/format. I can log on to SF using a client authentication certificate from the ADFS 2.0 setup, but from the same client machine, when I try to log on to SF via ADFS 3.0, the browser just does not pick up any certificate. The page just shows the message "Select a certificate that you want to use for authentication. If you cancel the operation, please close your browser and try again.".
    I have checked the browser, and it has the right certificates. Also, the same browser/machine is used to log on to SF through ADFS 2.0 via client certificate, which works just fine!
    I am really confused now, as to whose issue this really is...
    Just to confirm, I am using Certificate Authentication from ADFS 3.0 Authentication Methods for both Intranet and Extranet.
    Any suggestion or inputs where I could have gone wrong in the setup?
    Thanks!
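
Added example, not from either of the two certificate threads above (the SharePoint/ADFS 2.0 "ID4070 chain building failed" thread and this ADFS 3.0 "no certificate offered" thread). For one client-authentication certificate it builds the chain with the .NET X509Chain class and lists every chain-status error, and it checks the Client Authentication EKU and private key that a browser needs before it will offer the certificate in a prompt. A second function compares thumbprints (for instance the chain's root CA and the AD FS token-signing certificate) against the SharePoint trusted root authorities, which is what the reply in the first thread adds with New-SPTrustedRootAuthority. The function names, the use of Cert:\CurrentUser\My in the usage lines and the `$adfsSigningThumbprint` variable are assumptions made for this example.

```powershell
# Added example (not from the threads). Checks one certificate the way a
# client-certificate logon needs it: trusted chain, Client Authentication EKU,
# private key present.
function Test-ClientAuthCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [switch]$SkipRevocation    # for an offline check when the CRL cannot be fetched
    )

    # id-kp-clientAuth; browsers only offer certificates that carry this EKU.
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'
    $hasClientAuth = $false
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq $clientAuthOid) { $hasClientAuth = $true }
            }
        }
    }

    # Build the chain against this machine's certificate stores.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    if ($SkipRevocation) {
        $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    }
    $built = $chain.Build($Certificate)

    # One line per problem, e.g. "UntrustedRoot: A certificate chain processed, but
    # terminated in a root certificate which is not trusted by the trust provider."
    $problems = @()
    foreach ($s in $chain.ChainStatus) {
        $problems += ('{0}: {1}' -f $s.Status, $s.StatusInformation.Trim())
    }
    $path = @()
    foreach ($e in $chain.ChainElements) { $path += $e.Certificate.Subject }

    # Last element of the chain is the highest CA that could be found.
    $rootThumbprint = $null
    if ($chain.ChainElements.Count -gt 0) {
        $rootThumbprint = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Thumbprint
    }

    New-Object PSObject -Property @{
        Subject          = $Certificate.Subject
        HasPrivateKey    = $Certificate.HasPrivateKey
        HasClientAuthEku = $hasClientAuth
        ChainBuilds      = $built
        ChainProblems    = $problems
        ChainPath        = $path
        RootThumbprint   = $rootThumbprint
    }
}

# Runs on a SharePoint farm server after Add-PSSnapin Microsoft.SharePoint.PowerShell.
# Reports, per thumbprint, whether the farm lists it as a trusted root authority.
function Test-SPTrustedRootPresent {
    param([Parameter(Mandatory = $true)][string[]]$Thumbprint)

    if ((Get-Command Get-SPTrustedRootAuthority -ErrorAction SilentlyContinue) -eq $null) {
        throw 'Get-SPTrustedRootAuthority not available: load the SharePoint snap-in first.'
    }
    $trusted = @(Get-SPTrustedRootAuthority | ForEach-Object { $_.Certificate.Thumbprint })
    foreach ($t in $Thumbprint) {
        New-Object PSObject -Property @{
            Thumbprint    = $t
            TrustedByFarm = ($trusted -contains $t)
        }
    }
}

# Usage (assumed): check the first certificate with a private key in the user's
# personal store, then ask the farm about its root CA and the AD FS signing cert.
$cert = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
$result = Test-ClientAuthCertificate -Certificate $cert
$result | Format-List
# $adfsSigningThumbprint = '<thumbprint of the AD FS token-signing certificate>'  # placeholder
# Test-SPTrustedRootPresent -Thumbprint $result.RootThumbprint, $adfsSigningThumbprint
```

X509Chain uses the trust stores of the machine it runs on, so run it on the client for the "no certificate offered" symptom and on the AD FS server for the ID4070 symptom; the validator named in the first thread's stack trace (X509NTAuthChainTrustValidator) runs inside the AD FS service and judges the chain with that server's stores, not the client's. A certificate that builds cleanly but lacks the Client Authentication EKU or a private key will not appear in the browser prompt either, which is why both checks sit in one function.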

  • Problem with ADF Security / SQL Authenticator after upgrade to 11.1.1.6

    Hi,
    We have an ADF application built with JDeveloper 11.1.1.2 that's been in production for a couple of years. Now we are in the process of upgrading to 11.1.1.6 so I have upgraded WLS and ADF in a test environment and re-deployed the application there. The application uses users and groups from database using SQL Authenticator configured in WLS. This worked fine in the old version but now after the upgrade we can't log in with credentials from the database. I can log in if I add a user to the default authenticator. We didn't touch any of the authenticator settings or security realm configurations during the upgrade. Both authenticators are marked as SUFFICIENT, as they have always been.
    Has something changed in the way SQL Authenticator is used since 11.1.1.2? What could be the problem?
    Regards,
    Joonas

    Answering myself here: after recreating the SQL Authenticator and the ADF Security configuration logins are working again. Don't know where the problem was though.
