Reference Number error because of ADFS2.0 SecurityTokenException: MSIS3120: SubjectConfirmationData had wrong recipient
-
Mittwoch, 21. Dezember 2011 14:52
Hello,
I always get the following ADFS2.0ror on my system which leads to a reference number error message in the client browser making the request.
On the ADFS2.0 Server it says:
The Federation Service encountered an error while processing the WS-Trust request.
...
SecurityTokenException: MSIS3120: SubjectConfirmationData had wrong recipient. Expected 'https//myServerName.full.qualified.domain.suffix/adfs/ls/' but received: 'https://Name-On-ReverseProxy.otherFQ.domainname/adfs/ls/'.It is true that the client tries to access the Appserver while coming from the ReverseProxy with a different Servername and URL than the certificate on the server had been issued to.
BUT:
Isnt' ADFS2.0 a oneway SSL handshake? Doesn't that mean that the Server accepts any client? And that the benefit is the encrypted sending of data?Why can't I access the AppServer when going over the reverse proxy? Why does ADFS2.0 block the access if it implements a one way SSL connection only and would supposedly accept any client?
What can I do to change this? Is there a hidden configuration that I overlook?
Thank you
Andreas
Andreas
Alle Antworten
-
Donnerstag, 22. Dezember 2011 15:14
Hi, this is a cookie problem, I believe.
ProxyPassReverseCookieDomain perhaps could do s.th. but I am not sure yet.
Sincereley
Andreas
Andreas
