Monday, August 17, 2015

ADFS : .IdPInitiatedSignonPageDisabledException

This is using Server 2016 TP2 but also applies to 2012 R2 with Active Directory Federation Services (ADFS / "AD FS").

I was looking at the IDPIntiated page i.e.

https://xxx/adfs/ls/idpinitiatedsignon.htm

and got this error:

Microsoft.IdentityServer.Web.IdPInitiatedSignonPageDisabledException: MSIS7012: An error occurred while processing the request. Contact your administrator for details.

WTF?

So Mr. Google to the rescue and I found that in these editions it has been disabled.

@Jorge blogged about it but unfortunately he watermarks his images and the watermark totally obscures the PowerShell command!

Get-AdfsProperties

...
AllowSystemServiceAdministration           : False
AllowLocalAdminsServiceAdministration      : True
CurrentFarmBehavior                        : Threshold
DeviceUsageWindowInDays                    : 7
EnableIdpInitiatedSignonPage               : False


See the problem right there on the last line?

So we run:

 set-AdfsProperties -EnableIdPInitiatedSignonPage $true

Problem solved:

AllowSystemServiceAdministration           : False
AllowLocalAdminsServiceAdministration      : True
CurrentFarmBehavior                        : Threshold
DeviceUsageWindowInDays                    : 7
EnableIdpInitiatedSignonPage               : True


Enjoy!

4 comments:

Anonymous said...

Thank you!

Bryan said...

this is an issue on server 2016 as well. I include some of the event log entries in my blog as well: http://tothebatcloud.com/2016/12/adfs-server-2016-issue-testing/

Anonymous said...

Thanks from Texas!

Anonymous said...

Thanks a lot !!!!! Spent 4 hours looking for a solution for this !!!