This is using Server 2016 TP2 but also applies to 2012 R2 with Active Directory Federation Services (ADFS / "AD FS").
I was looking at the IDPIntiated page i.e.
https://xxx/adfs/ls/idpinitiatedsignon.htm
and got this error:
Microsoft.IdentityServer.Web.IdPInitiatedSignonPageDisabledException: MSIS7012: An error occurred while processing the request. Contact your administrator for details.
WTF?
So Mr. Google to the rescue and I found that in these editions it has been disabled.
@Jorge blogged about it but unfortunately he watermarks his images and the watermark totally obscures the PowerShell command!
Get-AdfsProperties
...
AllowSystemServiceAdministration : False
AllowLocalAdminsServiceAdministration : True
CurrentFarmBehavior : Threshold
DeviceUsageWindowInDays : 7
EnableIdpInitiatedSignonPage : False
See the problem right there on the last line?
So we run:
set-AdfsProperties -EnableIdPInitiatedSignonPage $true
Problem solved:
AllowSystemServiceAdministration : False
AllowLocalAdminsServiceAdministration : True
CurrentFarmBehavior : Threshold
DeviceUsageWindowInDays : 7
EnableIdpInitiatedSignonPage : True
Enjoy!
7 comments:
Thank you!
this is an issue on server 2016 as well. I include some of the event log entries in my blog as well: http://tothebatcloud.com/2016/12/adfs-server-2016-issue-testing/
Thanks from Texas!
Thanks a lot !!!!! Spent 4 hours looking for a solution for this !!!
Thanks!! Also looked for hours till I found this post.
Nice Blog Post !
Great! Thanks so much!
Post a Comment