We use passive federation. The ADFS server is called MyADFS.MyInternalDomain and it is also exposed on the internet as myADFS.MyExternalDomain.com.
Everything works as expected when accessing it from the internet, but if I try to access myADFS.MyExternalDomain.com from within MyInternalDomain, I get a query string of some 3-4000 characters, and the ADFS web server throws a "length of query string exceeds..".
Here's an example of the query-string.
What's up with all the %25-paddings in the query string?
How are you getting to the external ADFS server? Is it an RP that is redirecting to it? If you are using WIF, what does the wsFederation tag look like in your web.config?
<wsFederation passiveRedirectEnabled="true" issuer="https://yaddayaddayadda/adfs/ls/" realm="https://troymcclure/webapplication3/" requireHttps="true" />
Developer Security MVP | http://www.steveonsecurity.com
Were you able to solve this?
We have an ADFS 2.0 with an RP and a custom STS as a trusted claims provider in ADFS, and the behavior when browsing the RP is very different: on Firefox it works fine, but it fails on IE and Chrome. Sometimes we get the same "query string length exceeds" error, and the URL looks the same as the one you posted in the question.