
I am trying to set up AD LDS as a claims provider in ADFS using the Microsoft document here, but I am not able to get it working. When I select the LDS option for my application instead of AD, I get the following error.

An error occurred. Contact your administrator for more information

If I check the error log in the Event Viewer of the ADFS server, I can see the details below.

Encountered error during federation passive request. 

Additional Data 

Protocol Name: 
OAuthAuthorizationProtocol 

Relying Party: 
<My-Relying-Party> 

Exception details: 
Microsoft.IdentityServer.RequestFailedException: No authentication provider could be found that supports the authentication methods specified in the '<My-Identifier>' claims provider trust.
   at Microsoft.IdentityServer.Web.Authentication.GlobalAuthenticationPolicyEvaluator.FilterAuthMethodsByAccountStoreV2(ProtocolContext protocolContext, GlobalAuthenticationPolicy& globalPolicy)
   at Microsoft.IdentityServer.Web.Authentication.GlobalAuthenticationPolicyEvaluator.EvaluatePolicyV2(IList`1 mappedRequestedAuthMethods, IList`1 mappedRequestedACRAuthProviders, AccessLocation location, ProtocolContext context, HashSet`1 authProvidersInToken, Boolean isOnWiaEndpoint, Boolean& validAuthProvidersInToken)
   at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.RetrieveFirstStageAuthenticationDomainV2(Boolean& validAuthProvidersInToken)
   at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.EvaluatePolicy(Boolean& isLastStage, AuthenticationStage& currentStage, Boolean& strongAuthRequried)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthMethodsFromAuthPolicyRules(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthenticationMethods(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

EDIT:

Also to note, the added claims provider trust is not visible in the GUI of the AD FS Management Console. The server in use is Windows Server 2016 Datacenter.

Chaitanya Gadkari
  • Does the claim provider trust appear with get-adfslocalclaimsprovidertrust (https://learn.microsoft.com/en-us/powershell/module/adfs/get-adfslocalclaimsprovidertrust?view=win10-ps)? I've never seen something *not* appear in the GUI management console. – LisaJ Dec 18 '18 at 22:42
  • Yes, the claims provider trust does appear with get-adfslocalclaimsprovidertrust – Chaitanya Gadkari Jan 04 '19 at 11:55
  • @ChaitanyaGadkari Did you resolve your error? I'm experiencing the same mistake on my ADFS platform. All works fine inside the organization. Outside, same error. – Le_Fredo Dec 04 '20 at 09:19
  • @Le_Fredo, no I couldn't, I did not continue on that later... Please do post the answer if you are able to resolve this. – Chaitanya Gadkari Dec 04 '20 at 09:57

0 Answers