Issue with Microsoft ADFS + DUO + VMware vSphere - adfs

I’ve recently started a new DUO account to trial a setup with DUO, Microsoft ADFS and VMware vSphere.
Currently the base setup (ADFS+vSphere) is deployed and working alright, meaning that vSphere is able to authenticate through ADFS. But as soon as I introduce DUO in the equation, I get the following error in ADFS:
• Error details: MSIS7065: There are no registered protocol handlers on path /adfs/oauth2/authorize/ to process the incoming request.
The setup has the following versions:
vSphere 7.0.3.00700
Windows Server 2019 with ADFS
DUO duo-adfs3-2.0.0
To be clear, I do receive the pop-up in my device from DUO when attempting to login, and the redirect to DUO (api-XXXXXXXX.duosecurity.com in my case) is working, the issue seems to be when returning to ADFS, I get the above error.
It’s not clear to me where (in what component) the error is.
I’ve seen a blog post from VMware stating that this setup works (https://blogs.vmware.com/customer-experience-and-success/2022/06/tam-lab-enabling-mfa-in-vsphere-7.html) but it is from June 2022, when frameless DUO still wasn’t implemented.
The implementation also follows the blog post above, or rather, the videos from it.
Would you be able to further provide troubleshooting steps for this issue?
Kind regards.

I had a similar issue recently during the VCenter and Duo integration for both the Server and the OAuth App.
I installed and configured Duo as a first step follow the similar TAM Video
The next step I did was to enable IdPInitiatedSign On by running this command
Set-AdfsProperties -EnableIdPInitiatedSignonPage $true
Then configure the Server Application SSO from the same TAM Instruction Video
Then carry on Configuring the OAuth Application for PowerCLI.

Related

"Adding sign-in with Microsoft" example does not work on my working VDI

Good day everyone!
Background: I have old legacy ASP.NET MVC on premise application running on local windows IIS. I'm investigating ways to integrate this application with Azure AD authentication. As far as I can understand (Windows IIS integration with Azure AD) it's not possible to do it directly because of the Azure AD authentication can be added at the application level only. So I'm thinking integrating one of the MSAL library for adding Azure AD authentication.
Using this windows manual (Quickstart: Add sign-in with Microsoft to a web app), I've downloaded sample windows application (ASP.NET code sample) from this learn page and tried to run it within the Visual Studio 2022 in debug mode on my azure virtual work machine (based on VDI platform).
And Azure AD authentication does not work. When I click "Sign in with windows" button on the start application page, I get the error:
Server Error in '/' Application.The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.
Requested URL: /login.aspx
This sample works fine on my local laptop in exactly the same state. I suggest that any security utilities might be the reason, but I don't know how to check it. I can't disable security apps on my working machine, and maybe there are any restrictions on the network level I don't even know nothing about.
Could somebody suggest any ways to solve this problem? Or maybe still ways to find the reason of this problem?
Thank you in advanced!

Web Service error - Status 404 not found

I have created a web service in Visual Studio 2015 (web api) that listens out for requests via a barcode scanner. The barcode scanner links to a database that provides information such as stock quantities etc, but this is just for background information. The web service is currently installed on my local machine and works perfectly, returning the correct values and posts data to a database.
I attempted to install the web service onto a server, copying over similar settings in IIS (only have basic knowledge using this), such as the bindings and ensuring the permissions were set up correctly. However when running the web service I recieved a "404 not found error and 401 unauthorized". After that, I installed Visual Studio 2015 onto the server to ensure it wasn't a build or publish error...same problem.
Below are some of the 'fixes' I have tried to help narrow down the potential problem.
Ensured the correct version of .Net, 4.0, is installed on the server.
IIS Manager - Authentication: Annoymous Authentication set to enabled.
IIS Manager - Directly browsing: set to enabled.
Set the correct permissions using 'Edit Permissions', granted full control to 'Everyone'
This is my first time creating a web service so up until now I have been using tutorials and making it up as I go along. I think it could be to do with the application pools set up? But because the solution works on my local machine and not the server has me extremely confused. Thanks in advance.

Are there any pre-reqs for using Azure AD with ASP.Net MVC on IIS

I have an ASP.Net MVC Web App that has been configured to use Azure AD for authentication. I have configured Azure AD with 2 Reply URLs - one localhost for development and one for production hosting. The site works fine running on my machine on localhost, using IIS Express through Visual Studio. It also runs fine on my machine (and other devs machine's also) when using full blown IIS and the full domain name (mapped locally to my machine through the hosts file). However, if I try to deploy the exact same codebase to a host server (Win 2012 R2 / IIS 8.5 / .Net 4.5) the authentication doesn't work. This is using the exact same URL as works on IIS on my machine.
Does anyone have any ideas what might be preventing my app from running on the server? I have no error messages to go on. After the Azure AD login page I get redirected back to my app where it cycles for a minute or so and just remains a white screen. I have now tried it on 2 separate host servers and got the same result.
Hopefully someone can help, I really need to get this working. Should this just work?
Thanks.
The problem seemed to be just with the one server. I got the process working on other servers and an Azure website. I didn't get to the bottom of what the actual root cause was.

ESB Management Console (ESB Toolkit 2.1) not showing data

I successfully installed the ESB Toolkit 2.1 on top of BizTalk 2010.
Everything seems to work fine.
I created a sample app following Peter Kelcey's "BizTalk ESB Toolkit 2.0--Part 1: Dynamic Routing and UDDI Integration" (http://msdn.microsoft.com/en-us/biztalk/ee819071.aspx).
The message fails, but my problem is that I don't see anything in the ESB Management portal (or in the BAM portal, in the itinerary view).
I don't have any exception or anything, just no data.
I also checked the EsbExceptionDb database in SQL Server. And the connection strings in the portal web.config seem to be ok.
I must say that I installed the portal from the samples source, by rebuilding the solution and verifying all the configurations in IIS as per the documentation.
Thanks for any direction
Cos
Update on this:
I saw that I couldn't access the ESB.Exception.Service app from either VS or browsing from IIS
I rebuilt and republished the ESB.Exception.Service app.
Now the localhost/ESB.Exceptions.Service/ responds properly.
Also, I used the sample test app that calls the localhost/ESB.ExceptionHandlingServices/ExceptionHandling.asmx and now it is able to write to the database.
The ESB Portal shows the fault data now.
Basically rebuilding it fixed it, but I don't know what was wrong to start with.
Cos

Why isn't fiddler capturing request when invoking XMLRPC from iis?

I have a webapplication written in .NET, that utilizes CookComputing.XmlRpcV2 for xmlrpc-communication.
When I invoke my unit-tests in Visual Studio 2008, fiddler2 captures the actual xmlrpc-requests successfully, but when I'm running the actual application under IIS7 it shows nothing. I have verified that it actually invokes the xmlrpc-requests in my firewall, but I need to see the content of the requests for debugging purposes.
I have issued an iisreset with fiddler running in an attempt to see if IIS actually fetches proxysettings from WinINET upon app-start, but it didn't help.
Do IIS have it's own proxy-settings per app? Or if it's part of ASP.NET... I can't seem to find any information about it.
I could of course define my own proxy-server in the WebRequest somehow in code, but since I just want to utilize the proxy for debugging purposes, I'd rather find a simpler solution.
This is Vista, running iis7 with .NET 3.5 SP1. Fiddler2 version 2.1.9.2
The default proxy setting is per user. What identity is IIS running under?
Check out the answer to Setting Registry Key For All Users In C#. It refers to http://www.pctools.com/guides/registry/detail/1147/ which suggests creating a ProxySettingsPerUser registry setting and with a 0 DWORD value.

Resources