Interesting problem when adding an ADFS Proxy

I am working on a blog post (step-by-step) for the Proxy component and I ran into a problem yesterday that ran me around pretty good.  We have seen this issue or variations of it on some support cases recently, so I thought the actual problem itself would make a good post. The problem is caused by permissions…


ADFS Diagnostic Tool

A huge thanks to the ADFS test team for developing such a great tool. Here is a quick “how to”. The tool is very simple to use and provides a graphical UI. In order to perform distributed diagnosis, i.e. diagnose failures based on the configuration of multiple machines in the scenario, it’s necessary to copy the out file…


Enabling debug logging for Claims Aware Applications

Place the following in your application's web.config file. Place this after the </> section of the file.

    <system.diagnostics>
      <switches>
        <add name="WebSsoDebugLevel" value="15" />
      </switches>
      <trace autoflush="true" indentsize="3">
        <listeners>
          <add name="ADFSLogListener" type="System.Web.Security.SingleSignOn.BoundedSizeLogFileTraceListener, System.Web.Security.SingleSignOn, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Custom=null" initializeData="c:\adfs\logs\" />
        </listeners>
      </trace>
    </system.diagnostics>


IFSEXT.DLL and the dialog box that is so very WRONG

Ifsext.dll is the ADFS ISAPI used by the Token based Web Agent… We have seen issues before where we either need to add this manually or move it to the top of the list on the application config section of IIS. Once you go to the properties of a web site, the Virtual Directory tab has…


MS Virtual Lab – A PKI troubleshooting exercise

I was going through some old items and came across this link for an on-line ADFS lab.  I decided to run through the lab (takes about an hour).  There are problems with it.  The title of this blog tells you what these problems are.  I can tell it’s an old lab, the manual tells you to…


The NT Token Cache

The NT Token cache on the web server – Maybe you didn’t know this even existed… Consider this scenario: You are setting up ADFS in a federated scenario with SharePoint configured as a token based application.  The initial setup has miscellaneous configuration errors that you correct along the way.  You test again and find some…