An error occurred while processing your request: what to do?
Some browser users, when navigating to a website (the problem is most common on the Steam site), may run into an error with the message «An error occurred while processing your request». Refreshing the page usually does not help, and the user hits the same problem again and again. In this article I will explain what this message is, under what conditions the problem appears, and how to fix it on your PC.
What is An error occurred while processing your request
The text of this error says that an error occurred while your request was being processed. As mentioned above, Steam users complain about this error most often, encountering the described malfunction when they visit that site.
The error can also occur on other sites, and in the vast majority of cases it is browser-related (users of various online programs hardly ever encounter it).
The causes of this error are as follows:
- A failure or overload of the server processing your request;
- A random failure of your PC;
- A corrupted browser cache;
- An SSL certificate error in your browser;
- Problems with the HTTPS protocol on some sites;
- A problem with HTTPS extensions in your browser (for example, «HTTPS Everywhere»).
Having identified the causes of the malfunction, let's move on to how to get rid of the error Sorry, an error occurred while processing your request.
How to fix the An error occurred error
So, you have run into this problem and are wondering how to fix it. I recommend taking the following steps:
- Try simply restarting your computer. This helps more often than you might think;
- Wait a little. In many cases (especially for Steam users) the servers are overloaded or have «gone down», so the server administrators need some time to resolve the problem. In such cases you need to wait a while (a day is often enough) for the problem to be resolved;
- Clear your browser's cache and cookies. In Mozilla, for example, this is done by going to «Settings», then the «Privacy» tab, and clicking «Clear your recent history». In the «Clear history» window that opens, tick «Cache» under «Details» and delete it.
Conclusion
In this article I have covered the topic «An error occurred while processing your request: what to do», outlined the causes of the problem and sketched ways to resolve it. In most cases this error occurs because the servers are overloaded or have «gone down», and the user only needs to wait a little for everything to return to normal. In other cases, try clearing your browser cache, since this advice has proved quite effective at resolving the problem on users' PCs.
An error occurred while processing this request contact your administrator
Question
I have already done several AD FS 3.0 setups in SharePoint 2013 environments to allow trusted Active Directory users to access my SharePoint site. However, the most recent setup I’m in charge of has not been done due to an MSIS7012 error. It would be great if someone could tell me some potential reasons for the error below:
Encountered error during federation passive request.
Exception details:
Microsoft.IdentityServer.Protocols.Saml.SamlException: MSIS7012: An error occurred while processing the request. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.GetSecurityTokenFromSignInResponse(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
Thuan Soldier
A 23-year-old man loving Microsoft technologies and making crazy ideas on business journey.
SharePoint Vietnam | Blog | Twitter
Answers
You can solve the error by executing the command below from PowerShell while logged in to the primary ADFS server:
Set-AdfsProperties -EnableIdpInitiatedSignonPage $true
This posting is provided «AS IS» with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!
- Proposed as answer by Steve1234599999 Tuesday, September 25, 2018 2:22 PM
- Marked as answer by Hamid Sadeghpour Saleh MVP Thursday, September 5, 2019 7:56 AM
I had this once with an SP that was using a different Signing Certificate from the one provided to us in the Federation Metadata XML we received from them. It turned out that every time they ran some wizard to adjust their Federation settings, a new Signing Certificate was created and used.
Thuan Soldier
A 23-year-old man loving Microsoft technologies and making crazy ideas on business journey.
SharePoint Vietnam | Blog | Twitter
I encountered the same error as yours. It drove me crazy to figure out the reason why. I searched a lot on the Internet and found that the possible reason could be Certificate Chain Validation and Revocation Status Checking in ADFS.
Somehow, due to security policies, your ADFS server is unable to check the Revocation status of the Token Signing Certificate. I realized that if I use the certificate auto-generated by AD FS, this error will not happen. However, if I disable the AutoCertificateRollover property and use the same certificate as the one for Service Communications, the error will occur. To resolve it, I have to set the SigningCertificateRevocationCheck property to «None» for the relevant Claims Provider Trust or Relying Party Trust.
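The two causes raised in the replies above (a partner signing certificate that no longer matches the Federation Metadata XML, and the SigningCertificateRevocationCheck setting on a trust) can both be checked from PowerShell on the AD FS server. This is an added example, not part of any reply in the thread; the metadata path, trust name and the `$TrustType` parameter are placeholders introduced for illustration.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session on
# the primary AD FS server. All three parameter defaults are placeholder values.
param(
    [string]$MetadataPath = 'C:\Temp\FederationMetadata.xml',   # partner metadata saved locally
    [string]$TrustName    = 'Example Partner',                  # display name of the trust
    [ValidateSet('RelyingParty', 'ClaimsProvider')]
    [string]$TrustType    = 'RelyingParty'
)

function Get-MetadataSigningThumbprint {
    # Returns the thumbprint of every signing certificate published in a
    # SAML 2.0 / WS-Federation metadata document.
    param([Parameter(Mandatory = $true)][string]$Path)

    $doc = New-Object System.Xml.XmlDocument
    $doc.Load((Resolve-Path -LiteralPath $Path).ProviderPath)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

    # A KeyDescriptor without a "use" attribute applies to signing as well.
    $xpath = "//md:KeyDescriptor[not(@use) or @use='signing']//ds:X509Certificate"
    foreach ($node in $doc.SelectNodes($xpath, $ns)) {
        $der  = [Convert]::FromBase64String(($node.InnerText -replace '\s', ''))
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (, $der)
        $cert.Thumbprint
    }
}

# 1. Compare what the partner publishes with what AD FS has stored for the trust.
if ($TrustType -eq 'ClaimsProvider') {
    $trust = Get-AdfsClaimsProviderTrust -Name $TrustName
    $certs = $trust.TokenSigningCertificates
} else {
    $trust = Get-AdfsRelyingPartyTrust -Name $TrustName
    $certs = $trust.RequestSigningCertificate
}
if (-not $trust) { throw "Trust '$TrustName' not found." }

$published  = @(Get-MetadataSigningThumbprint -Path $MetadataPath | Sort-Object -Unique)
$configured = @($certs | Where-Object { $_ } | ForEach-Object { $_.Thumbprint } | Sort-Object -Unique)

[pscustomobject]@{
    Trust           = $trust.Name
    RevocationCheck = $trust.SigningCertificateRevocationCheck
    InMetadataOnly  = @($published  | Where-Object { $configured -notcontains $_ })  # partner rolled its certificate
    InAdfsOnly      = @($configured | Where-Object { $published  -notcontains $_ })  # stale entry on the trust
}

# 2. List every trust that has signing-certificate revocation checking switched
#    off, so the setting stays visible once troubleshooting is over.
$rp = Get-AdfsRelyingPartyTrust |
    Select-Object @{ n = 'Type'; e = { 'RelyingParty' } }, Name, SigningCertificateRevocationCheck
$cp = Get-AdfsClaimsProviderTrust |
    Select-Object @{ n = 'Type'; e = { 'ClaimsProvider' } }, Name, SigningCertificateRevocationCheck
@($rp) + @($cp) | Where-Object { "$($_.SigningCertificateRevocationCheck)" -eq 'None' }
```

A non-empty InMetadataOnly column means the partner is signing with a certificate the trust does not know about, which is the situation described in the first reply.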
Solution: An error occurred while processing your request
The error An error occurred while processing your request. Reference . occurs in the Steam program at startup or while performing some action. The error means that an error occurred while your request was being processed.
Steps to take:
- Make sure you are using the latest version of Steam. Open the Steam menu and choose «Check for client updates». If the program is out of date, the client will update and the error while processing request error will no longer appear.
- The second most common problem is server overload. If you have the current version and the while processing your request error comes and goes, the server is overloaded. Try opening the program at another time.
- Try updating MS Visual C++, MS .NET Framework, VCredist. These components are needed to run games, and if you have old versions installed, errors are quite likely. Read more about updating below.
- Run the application as administrator.
If you have found a solution to the An error occurred while processing your request. Reference . problem that is not listed in the article, please help the community and share it in the comments.
Error.
An error occurred while processing your request.
Answers
Open IIS Manager and click on Application Pools. Make sure the Application Pool your MVC app is running under is set to .NET CLR version 4 and the pipeline mode is Integrated.
Please set the custom errors to false and debug=true in your web.config file to see if it will show some specific error message.
No, when a client-side script has an error, the page will still load. This issue seems like there is some error on the server side.
Forgot to tell you that I am getting this error on the landing page.
Open IIS Manager and click on Application Pools. Make sure the Application Pool your MVC app is running under is set to .NET CLR version 4 and the pipeline mode is Integrated.
I verified both setting are same as mentioned.
ravinjaype
I verified both setting are same as mentioned.
Please provide the entire error message. Perhaps the app is unable to connect to SQL server?
no error detail is coming on page. is there any way to make error show on page?
I verified both setting are same as mentioned.
Go look at the IIS logs.
Maybe you should post to IIS forum.
When you convert the folder to application, there is a button ‘Connect As..’ in the dialog, please check which user you are using and make sure this user has the permission to operate the folders. You can use the Test Settings to check if the current user has the permissions to operate these folders.
Question
Hi,
I have configured CBA / IFD on my client’s Dynamics CRM 2011 Server and now getting the following error when I try to browse the internal / external url:
There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.
Reference number: 005e0041-36c7-4b2c-9b19-c07a3d071dd9
Certificate is a multi-domain UCC and added correctly in certificate stores.
The Event Viewer in ADFS is giving the following error:
Microsoft.IdentityServer.Web.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. —>
Encountered error during federation passive request.
Additional Data
Exception details:
Microsoft.IdentityServer.Web.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. —> System.ServiceModel.FaultException: MSIS3127: The specified request failed.
at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClientManager.Issue(Message request, WCFResponseData responseData)
at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClient.Issue(RequestSecurityToken rst, WCFResponseData responseData)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)
— End of inner exception stack trace —
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, Uri& replyTo)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, MSISSession& session)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSerializedToken(String signOnToken, WSFederationMessage incomingMessage)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSecurityToken(SecurityToken securityToken, WSFederationMessage incomingMessage)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseForProtocolRequest(FederationPassiveContext federationPassiveContext, SecurityToken securityToken)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponse(SecurityToken securityToken)
System.ServiceModel.FaultException: MSIS3127: The specified request failed.
at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClientManager.Issue(Message request, WCFResponseData responseData)
at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClient.Issue(RequestSecurityToken rst, WCFResponseData responseData)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)
Please help!
Regards,
Zack
Microsoft Certified Business Management Solutions Specialist
Answers
Hi Zack,
We got the same issue. This issue is because of SAML 1.0, but we are using SAML 2.0, which is ADFS 2.0.
You need to change the rule for your internal and external relying party trust.
When you create the rule to transform the Windows account, you need to select *name, not name. This resolves the issue, because *name supports both SAML 1.0 and SAML 2.0.
Regards,
Khaja Mohiddin
http://www.dynamicsexchange.com
http://about.me/KhajaMohiddin
- Marked as answer by
Friday, March 2, 2012 11:20 AM
Published on Friday, July 26, 2013 in AD CS, AD FS
Just as a reminder for myself. The following error might appear in the ADFS Admin log after a user is faced with the ADFS error page. The error is pretty cryptic and gives no real clues away.
Error event ID 364: Encountered error during federation passive request.
Additional Data
Exception details:
Microsoft.IdentityServer.Web.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. —> Microsoft.IdentityServer.Protocols.WSTrust.StsConnectionException: MSIS7004: An exception occurred while connecting to the federation service. The service endpoint URL ‘net.tcp://localhost:1501/adfs/services/trusttcp/windows’ may be incorrect or the service is not running. —> System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at net.tcp://localhost:1501/adfs/services/trusttcp/windows that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
But after restarting the ADFS service, additional errors are shown:
Error event ID 102: There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service.
Additional Data
Exception details:
System.ArgumentNullException: Value cannot be null.
Parameter name: certificate
at System.IdentityModel.Tokens.X509SecurityToken..ctor(X509Certificate2 certificate, String id, Boolean clone, Boolean disposable)
at System.IdentityModel.Tokens.X509SecurityToken..ctor(X509Certificate2 certificate)
at Microsoft.IdentityServer.Service.Configuration.MSISSecurityTokenServiceConfiguration.Create(Boolean forSaml)
at Microsoft.IdentityServer.Service.Policy.PolicyServer.Service.ProxyPolicyServiceHost.ConfigureWIF()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISConfigurableServiceHost.Configure()
at Microsoft.IdentityServer.Service.SecurityTokenService.STSService.StartProxyPolicyStoreService(ServiceHostManager serviceHostManager)
at Microsoft.IdentityServer.Service.SecurityTokenService.STSService.OnStartInternal(Boolean requestAdditionalTime)
And Event id 133: During processing of the Federation Service configuration, the element ‘signingToken’ was found to have invalid data. The private key for the certificate that was configured could not be accessed. The following are the values of the certificate:
Element: signingToken
This one is more descriptive. Here and there you see people saying that adding the ADFS service account to the local admins resolves this issue. Yeah, I can imagine that, but that account is not supposed to have that kind of privilege! It’s sufficient to grant read (not even full control) on the private keys of the token signing and decrypting certificates. You can manage these by opening the mmc, adding the Certificates snap-in for the computer account and browsing to the Personal store.
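The same least-privilege fix can be checked, and optionally applied, from PowerShell instead of the mmc. This is an added example, not code from the original post: it assumes the AD FS service (`adfssrv`) runs as a domain account, that the certificates live in the computer's Personal store with legacy CSP keys, and the `-Grant` switch is a name introduced here.

```powershell
# Added example (not from the original post). Run elevated on the AD FS server.
# On AD FS 2.0 load the cmdlets first: Add-PSSnapin Microsoft.Adfs.PowerShell
# Assumptions: the service runs as a domain account, and the certificates use
# CSP (legacy) RSA keys stored under MachineKeys. -Grant is specific to this example.
param([switch]$Grant)

$account = (Get-WmiObject Win32_Service -Filter "Name='adfssrv'").StartName
$sid     = (New-Object System.Security.Principal.NTAccount($account)).Translate(
               [System.Security.Principal.SecurityIdentifier])
$keyDir  = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
$read    = [System.Security.AccessControl.FileSystemRights]::Read

foreach ($type in 'Token-Signing', 'Token-Decrypting') {
    foreach ($entry in @(Get-AdfsCertificate -CertificateType $type)) {
        # Self-signed certificates managed by AutoCertificateRollover are not in
        # LocalMachine\My and are reported by this warning instead.
        $cert = Get-Item -LiteralPath "Cert:\LocalMachine\My\$($entry.Thumbprint)" -ErrorAction SilentlyContinue
        if (-not $cert -or -not $cert.HasPrivateKey) {
            Write-Warning "$type $($entry.Thumbprint): no certificate with a private key in LocalMachine\My"
            continue
        }

        $container = $null
        try { $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName } catch { }
        if (-not $container) {
            Write-Warning "$type $($entry.Thumbprint): private key is not a readable CSP key"
            continue
        }

        $keyFile = Join-Path $keyDir $container
        $acl     = Get-Acl -LiteralPath $keyFile
        $rules   = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

        # Only ACEs naming the account directly are considered; access inherited
        # through group membership is not evaluated here.
        $hasRead = [bool]($rules | Where-Object {
            $_.IdentityReference.Value -eq $sid.Value -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $read) -eq $read
        })

        if (-not $hasRead -and $Grant) {
            # Read only, as the post recommends: no Full Control, no local admin.
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, $read, 'Allow')
            $acl.AddAccessRule($rule)
            Set-Acl -LiteralPath $keyFile -AclObject $acl
            $hasRead = $true
        }

        [pscustomobject]@{
            Type       = $type
            Thumbprint = $entry.Thumbprint
            Account    = $account
            KeyFile    = $keyFile
            HasRead    = $hasRead
        }
    }
}
```

Run it without `-Grant` first to see which key files lack a read entry for the service account, then restart the AD FS service after granting.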
*EDIT* This turned out to fail, please read the follow-up post; https://tickett.wordpress.com/2015/04/21/second-attempt-updating-adfs-ssl-certificate-on-windows-server-2012-r2/
I noticed a warning in Office 365 webmail that my SSL certificate was due to expire soon and hoped updating it would be a trivial task.
As always, I used https://www.startssl.com/ to generate a new certificate. I fired up IIS on the ADFS server and imported the new certificate (Server Certificates, Import). When I tried to bind the certificate to the ADFS https site I received a warning/error about a missing intermediate CA certificate. This was easily fixed by downloading the “Class 2 Intermediate Server CA” certificate from StartSSL and importing into the windows certificate store under Intermediate Certificate Authorities (Launched from the start menu by searching for “Manage computer certificates”);
Binding to the site in IIS was now successful. However, none of my federated applications were working. Just an ADFS error;
And some errors to match in the event log;
On each login attempt I received the following 3 events;
Event: 111
The Federation Service encountered an error while processing the WS-Trust request.
Request type: http://schemas.microsoft.com/idfx/requesttype/issue
Additional Data
Exception details:
System.ArgumentNullException: Value cannot be null.
Parameter name: certificate
at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result)
at Microsoft.IdentityModel.Threading.TypedAsyncResult`1.End(IAsyncResult result)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.EndIssue(IAsyncResult result)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
Event: 1000
An error occurred during processing of a token request. The data in this event may have the identity of the caller (application) that made this request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error.
Additional Data
Caller: TICKETTlee
OnBehalfOf user:
ActAs user:
Target Relying Party: http://adfs.tickett.net/adfs/services/trust
Device identity:
User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.
Event: 364
Encountered error during federation passive request.
Additional Data
Protocol Name: wsfed
Relying Party: urn:federation:MicrosoftOnline
Exception details:
Microsoft.IdentityServer.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> System.ArgumentNullException: Value cannot be null.
Parameter name: certificate
at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result)
at Microsoft.IdentityModel.Threading.TypedAsyncResult`1.End(IAsyncResult result)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.EndIssue(IAsyncResult result)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestBearerToken(MSISRequestSecurityToken signInRequest, Uri& replyTo, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestSingleSingOnToken(ProtocolContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSsoSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken, SecurityToken& ssoSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
System.ArgumentNullException: Value cannot be null.
Parameter name: certificate
at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result)
at Microsoft.IdentityModel.Threading.TypedAsyncResult`1.End(IAsyncResult result)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.EndIssue(IAsyncResult result)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestBearerToken(MSISRequestSecurityToken signInRequest, Uri& replyTo, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestSingleSingOnToken(ProtocolContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSsoSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken, SecurityToken& ssoSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)
The earlier Office365 warning did link to a page which also included instructions for updating the certificates within ADFS, so I went ahead and did that too (In ADFS Manager, Set Service Communications Certificate, Add Token-Signing Certificate and Add Token-Decrypting Certificate). But still nothing… restarting didn’t help either.
Eventually I found an article with a few powershell commands; http://blogs.technet.com/b/tune_in_to_windows_intune/archive/2013/11/13/replace-certificates-on-adfs-3-0.aspx
Get-AdfsSslCertificate
Comparing this to the new certificate, I can see that it doesn’t match;
Set-AdfsSslCertificate -Thumbprint NEWSSLCERTIFICATETHUMBPRINT
Despite returning an error message referencing the old SSL certificate, you can see that the new one is now correctly assigned (by issuing the Get-AdfsSslCertificate command again).
And voila, I can now log in to my federated applications.
*EDIT* This turned out to fail, please read the follow-up post; https://tickett.wordpress.com/2015/04/21/second-attempt-updating-adfs-ssl-certificate-on-windows-server-2012-r2/
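The manual comparison between Get-AdfsSslCertificate and the new certificate, together with the intermediate CA problem hit earlier in the post, can be turned into one read-only check. This is an added example, not code from the original post; `$Expected` is a placeholder for the new certificate's thumbprint, and the script changes nothing on the server.

```powershell
# Added example (not from the original post). Read-only; run elevated on the
# AD FS server (Windows Server 2012 R2). $Expected is a placeholder parameter.
param([Parameter(Mandatory = $true)][string]$Expected)   # thumbprint of the new certificate

# Thumbprints copied from the certificate dialog often carry spaces or a hidden
# leading character; keep hex digits only.
$Expected = ($Expected -replace '[^0-9A-Fa-f]', '').ToUpper()

$cert = Get-Item -LiteralPath "Cert:\LocalMachine\My\$Expected" -ErrorAction SilentlyContinue
if (-not $cert) { throw "No certificate with thumbprint $Expected in LocalMachine\My." }

# Build the chain the way Windows will: a missing intermediate CA certificate
# (the IIS warning described in the post) shows up as a chain status flag.
$chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($cert)

[pscustomobject]@{
    Subject       = $cert.Subject
    NotAfter      = $cert.NotAfter
    HasPrivateKey = $cert.HasPrivateKey
    ChainBuilds   = $chainOk
    ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}

# Every place AD FS references the SSL / service communications certificate.
$rows = @()
foreach ($binding in @(Get-AdfsSslCertificate)) {
    $rows += [pscustomobject]@{
        Source     = "SSL binding $($binding.HostName):$($binding.PortNumber)"
        Thumbprint = $binding.CertificateHash
    }
}
foreach ($entry in @(Get-AdfsCertificate -CertificateType 'Service-Communications')) {
    $rows += [pscustomobject]@{
        Source     = 'Service-Communications'
        Thumbprint = $entry.Thumbprint
    }
}

# Matches = $false marks a reference that still points at the old certificate.
$rows | Select-Object Source, Thumbprint, @{ n = 'Matches'; e = { $_.Thumbprint -eq $Expected } }
```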