0

I don't know what am I missing about configuring spring-saml-extension and adfs. I did everything as mentioned in this guide, but IIS returns me a 403 forbidden error with this message:

You do not have permission to view this directory or page using the credentials that you supplied.

Is there anything else I need to do on IIS?

admdrew
  • 3,790
  • 4
  • 27
  • 39
Rob
  • 53
  • 1
  • 6
  • You may want to start with going through ADFS's logs. – Vladimír Schäfer Jan 06 '15 at 08:09
  • Hi Vladimír, I just enabled ADFS's log as shows this [link] (http://social.technet.microsoft.com/wiki/contents/articles/1407.how-to-enable-debug-logging-for-active-directory-federation-services-2-0-ad-fs-2-0.aspx). However it is not logging the requests yet. Something I noticed is that [initiatedsignon.asp](https://adfsserver/adfs/ls/idpinitiatedsignon.aspx) returns the same response. Something about permissions is missing. – Rob Jan 06 '15 at 15:20
  • Could you please have a look at my answer on [ASP MVC in IIS 7 results in: HTTP Error 403.14 - Forbidden](http://stackoverflow.com/questions/1741439/asp-mvc-in-iis-7-results-in-http-error-403-14-forbidden/41363973#41363973). – Murat Yıldız Dec 28 '16 at 14:25

1 Answers1

1

Well,

after hours researching about this I found what the problem was.

There is an ISAPI filter on

IIS -> Default Web Site

that was redirecting request to another place.

I got this by enabling httpErrors to DetailedMode:

C:\Windows\System32\inetsrv>appcmd.exe set config "Default Web Site" /section:httpErrors /errorMode:Detailed

Then, when I entered to /adfs/ls/idpinitiatedsignon.aspx, ISS throwed this screen: Http Error 403.18 - Forbidden

For more information about this, I would recomenend to see throbleshoot ISS errors like a pro

So, what I did was to remove that filter at

IIS -> Default Web Site -> ISAPI Filters

and it finally worked :)

Thanks @admdrew and @Vladimir for your help.

Rob
  • 53
  • 1
  • 6