Hi All:

I've searched the googles and came up short, so I'm reaching out to the group.
We're having a problem with ADFS.  We want to let $cloud.service use ADFS to 
SSO authenticate users.  We've exchanged metadata with $cloud.service and 
confirmed identities in the ADFS configuration, but we're still unable to get 
the cloud service to load. We're presented with the following error when trying 
to authenticate over SSO.

sso.[domain].com
There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the 
reference number to identify the problem.
Reference number: [session_number]

When I check the ADFS Debug logs, I see a few errors that don't make sense to 
me and the googles only made the problem clear as mud:

MSIS3020: The relying party trust with identifier '$cloud.service' could not be 
located.
MSIS3055: The requested relying party trust '$cloud.service' is unspecified or 
unsupported. If a relying party trust was specified, it is possible the user 
does not have permission to access the relying party trust

Detailed Exception before setting on http context 
'Microsoft.IdentityServer.Web.RequestFailedException: An error occurred during 
the return of an error to the SAML Service Provider. ---> 
Microsoft.IdentityServer.Web.RequestFailedException: MSIS7012: An error 
occurred while processing the request. Contact your administrator for details. 
---> System.ServiceModel.FaultException: The creator of this fault did not 
specify a Reason.
   at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClientManager.ProcessRequest(Message request)
   at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.ProcessRequest(MSISSamlRequest samlRequest)
   at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.ProcessRequest[T](MSISSamlRequest samlRequest)
   at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.CreateErrorMessage(HttpSamlMessage httpSamlMessage, SamlStatus status)
   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SendSamlError(SamlStatus status)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SendSamlError(SamlStatus status)
   at Microsoft.IdentityServer.Web.Dispatchers.SamlErrorDispatcher.DispatchInternal(PassiveContext context)
   --- End of inner exception stack trace ---'.

I've checked and the relying party identifier IS listed in the configuration.

The ADFS server is already utilizing SSO for another cloud.service and is 
working without issue.

Server: Server 2008 R2 Enterprise
Application: ADFS 2.0

Any troubleshooting steps would be appreciated.

Thanks,
Chris

Chris Ferguson
IT Manager, Infrastructure and Operations

NEPC, LLC
255 State Street
Boston, MA  02109
P: +1 (617) 374-1300
M: +1 (978) 257-9789
www.nepc.com

YOU DEMAND MORE.  So do we.
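
A check for the MSIS3020 error quoted above, added here as an example and not part of the original post: AD FS looks up the relying party trust from the Issuer of the incoming AuthnRequest, so this decodes a captured SAMLRequest value and compares its Issuer, character for character, with the identifiers configured on the trust. The sample request and identifiers are constructed, and reporting a case, whitespace or trailing-slash difference as a mismatch is an assumption of this example.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_saml_request(value):
    """Return the AuthnRequest XML carried in a SAMLRequest parameter value."""
    raw = base64.b64decode(unquote(value))
    try:
        # HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64.
        return zlib.decompress(raw, -15).decode("utf-8")
    except zlib.error:
        # HTTP-POST binding: base64 only.
        return raw.decode("utf-8")

def issuer_of(xml_text):
    """Extract the Issuer exactly as sent (no trimming, no case folding)."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not expected in a SAML message")
    issuer = ET.fromstring(xml_text).find("{%s}Issuer" % ASSERTION_NS)
    if issuer is None or not issuer.text:
        raise ValueError("AuthnRequest carries no Issuer")
    return issuer.text

def loose(s):
    # Normalisation used only to explain a mismatch, never to accept one.
    return s.strip().rstrip("/").lower()

def check_issuer(issuer, configured):
    """Classify the Issuer against the identifiers configured on the trusts."""
    if issuer in configured:
        return ("exact", issuer)
    for ident in configured:
        if loose(ident) == loose(issuer):
            return ("near-miss", ident)
    return ("missing", None)

# Constructed sample: an SP that sends its entity ID with a trailing slash.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="%s" ID="_constructed1" Version="2.0" '
    'IssueInstant="2013-01-01T00:00:00Z">'
    '<saml:Issuer>https://sp.example.invalid/saml/</saml:Issuer>'
    '</samlp:AuthnRequest>' % ASSERTION_NS
)
SAMPLE_CONFIGURED = ["https://sp.example.invalid/saml", "urn:example:other-sp"]

if __name__ == "__main__":
    print(check_issuer(issuer_of(SAMPLE_XML), SAMPLE_CONFIGURED))
```

A "near-miss" result means an identifier that looks the same in the management console differs from what the service provider actually sends.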

