ADFS authentication - adfs

We have a problem we're facing while trying to authenticate with ADFS,
We have two environments (dev and prod), both configured the same way, windows server 2012
In dev everything works fine, but in prod we are getting the following error:
Exception: The remote server returned an error: (401) Unauthorized.
Message: The HTTP request is unauthorized with client authentication
scheme 'Negotiate'. The authentication header received from the server
was 'Negotiate
oXAwbqADCgEBomcEZWBjBgkqhkiG9xIBAgIDAH5UMFKgAwIBBaEDAgEepBEYDzIwMTYwMjAyMTUyOTI2WqUFAgMM8+6mAwIBKakLGwlIUlQuTE9DQUyqGjAYoAMCAQGhETAPGw1TVkMtQURGUy1QUkQy'.
Inner Exception: The target principal name is incorrect
We don't know what to do, we've checked every ADFS configuration and everything looks fine.

An SAML trace using SAML tracer (FireFox extension : https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/) could be useful in your case to decode the SAML Request and Response in order gather more information about your issue.

Related

Porting from http to https in IIS

I have a problem while porting my site from http to https, expecially while I invoke any WS.
That are the steps I've follow:
Import certificate in IIS
Change security mode from "Message" to "TransportWithMessageCredential"
I got this error:
SecurityNegotiationException: The server certificate with name XXXXX failed identity verification
because its thumbprint ('XXXXXXX') does not match the one specified in the endpoint identity ('YYYYYY').
As a result, the current HTTPS request has failed.
Please update the endpoint identity used on the client or the certificate used by the server.
What's the problem ?
Could it be a problem of connections cache ?
How can I prevent it ?

Validating link in post-inspector linkedin in gives server error

When i try to validate the following page in the post inspector: https://www.cicomcopier.nl/nieuws/cicom-copier-levert-bijdrage-aan-de-ontwikkeling-en-realisatie-van-bellenschermen-tegen-verzilting-a-dam-rijnkanaal-en-noordzeekanaal/
I get the error: We encountered a server error while trying to inspect the URL.
and on the URL redirect trail i get: 0 undefined
I have no idea where to start debug this, is this a error on our side or linkedin side?
when i debug the URL using the facebook graph debugger everything seems to be right.
The problem in the end was the server from where I did the request wasn't setup correctly. Because from my side the site had a ssl installed and needed to do a ssl handshake with the LinkedIn server.
LinkedIn is made in java, and java has a more strict policy in validating the handshake. Because from my server setting the hostname for the ssl was not communicated correctly to LinkedIn there server did not validate the ssl and therefore could not connect to our server and receive a response. This ending in a unknown error on LinkedIn end of the site.

Unknown Error on Remote Server

I have a web api running on a remote server that I connect to over VPN in order to deploy updates.
I installed the Rewrite Module for IIS 7 and made a rule to rewrite http to https for all requests.
Suddenly I am getting this error when I attempt to acquire an authorization token (OAuth):
{
"error":"server_error",
"error_description":"Exception has been thrown by the target of an invocation."
}
And this message for any api endpoint:
I cannot for the life of me figure out what's going on. How can I get a more useful error message from asp.net or iis? I cannot do remote debugging and the server does not have visual studio installed.
I have undone all the modifications I made and its still broken.
This is usually a sign that IIS is having problems even starting the application. I'd remove everything from the web.config file and add each line in one by one until you get back to this error message. If it is an application error (i.e., something in your code) you would get a 500. Since you aren't getting a 500, it is a lower level than your application and the next lower level is IIS parsing your web.config file before serving requests.

Exe Hosted in IIS Calling Generates Http 405 Method not alllowed Error

I want to use Testtrack SDK API and for that needs to host Test Track SDK server on my server Machine, When I had installed Test Track on my server machine and tried to call it through code it gives me Error Http 405 method not allowed.
Is there any specific things which needs to be done in IIS to run exe ?
The 405 error is a security issue with the IIS web server. You can find step by step instructions for configuring CGIs with IIS in the TestTrack user documentation.
http://help.seapine.com/testtrack/2015.0.1/ttinstall/Default.htm#cshid=WebServerConfigIIS7_8

IIS - the request is rejected by HTTP filter when there are european char in the url

I'm using a web api application that returns valid post-codes for given city. The application is hosted on WinServer 2008 R2, IIS 6.1.
Application works fine as long as there are no European-char (ä,ß,æ,ø,å) in the URL.
But with any special/European-char in URL I get the following error message:
Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator. (12217)
E.g. for working URL: edu.web/Api/PostCode/Heidenau
E.g. for non-working URL: edu.web/Api/PostCode/Heidehäuser
E.g. for non-working URL with URL encoding: edu.web/Api/PostCode/Heideh%C3%A4user
How to configure the IIS to accept european chars?
Thanks.
I've resolved the issue by involving our system administrator.
All Internet requests are passed through ISA server (Microsoft Forefront Threat Management Gateway) which by default filters all requests with special characters before they hit our Webservers.
After we changed the Configuration, everything started working as intended.

Resources