Reference Number error because of ADFS2.0 SecurityTokenException: MSIS3120: SubjectConfirmationData had wrong recipient


  • Hello,

    I always get the following ADFS2.0 error on my system, which leads to a reference number error message in the client browser making the request.

    On the ADFS2.0 Server it says:
    The Federation Service encountered an error while processing the WS-Trust request.
    SecurityTokenException: MSIS3120: SubjectConfirmationData had wrong recipient. Expected 'https//myServerName.full.qualified.domain.suffix/adfs/ls/' but received: 'https://Name-On-ReverseProxy.otherFQ.domainname/adfs/ls/'.

    It is true that the client tries to access the Appserver while coming from the ReverseProxy with a different Servername and URL than the certificate on the server had been issued to.
    Isn't ADFS2.0 a one-way SSL handshake? Doesn't that mean that the server accepts any client? And that the benefit is the encrypted sending of data?

    Why can't I access the AppServer when going over the reverse proxy? Why does ADFS2.0 block the access if it implements a one way SSL connection only and would supposedly accept any client?


    What can I do to change this? Is there a hidden configuration that I overlook?


    Thank you


    21 December 2011 14:52
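The MSIS3120 message is not about the TLS handshake at all: it comes from validating the SAML token itself. A bearer assertion carries a `SubjectConfirmationData` element whose `Recipient` attribute names the endpoint the token was issued for, and the receiving service compares that value against the endpoint it believes it is. When a reverse proxy presents a different hostname than the one the federation service expects, the two URLs no longer match and the token is rejected, even though the TLS connection itself was fine. The following is an added example, not code from the thread or from ADFS, that performs that recipient check on a constructed SAML fragment; the two hostnames are the placeholders from the error message above, and the function names are my own.

```python
# Added example: a minimal SAML 2.0 SubjectConfirmationData Recipient check,
# the kind of validation that produces ADFS 2.0's MSIS3120 message.
# Not ADFS code; function names and the sample assertion are constructed here.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion. The Recipient is the proxy hostname from the
# error message in the thread; it stands in for whatever the token really carried.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData
          Recipient="https://Name-On-ReverseProxy.otherFQ.domainname/adfs/ls/"
          NotOnOrAfter="2011-12-21T14:00:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""


def normalize_endpoint(url):
    """Reduce a URL to the parts that identify an endpoint: scheme, host, port, path.

    Scheme and host are compared case-insensitively (urlsplit lowercases
    hostname); the path is compared as-is, so a missing trailing slash counts
    as a different endpoint, which is deliberate.
    """
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.hostname, parts.port, parts.path)


def extract_recipients(assertion_xml):
    """Return every Recipient value found on SubjectConfirmationData elements."""
    root = ET.fromstring(assertion_xml)
    tag = "{%s}SubjectConfirmationData" % SAML_NS
    return [scd.get("Recipient") for scd in root.iter(tag) if scd.get("Recipient")]


def check_recipient(assertion_xml, expected_endpoint):
    """Accept the assertion only if its Recipient names the endpoint we are.

    Returns (ok, message). The message mirrors the shape of the MSIS3120
    diagnostic so the mismatch is easy to read in a log.
    """
    recipients = extract_recipients(assertion_xml)
    if not recipients:
        return False, "SubjectConfirmationData carried no Recipient"
    expected = normalize_endpoint(expected_endpoint)
    for received in recipients:
        if normalize_endpoint(received) == expected:
            return True, "Recipient matches %s" % expected_endpoint
    return False, "SubjectConfirmationData had wrong recipient. Expected '%s' but received: '%s'." % (
        expected_endpoint, recipients[0])


if __name__ == "__main__":
    # The situation from the thread: the service expects its own name,
    # the token was issued for the proxy's externally visible name.
    print(check_recipient(SAMPLE_ASSERTION,
                          "https://myServerName.full.qualified.domain.suffix/adfs/ls/"))
    # What the check looks like once the expected endpoint is the name
    # clients actually reach through the proxy.
    print(check_recipient(SAMPLE_ASSERTION,
                          "https://name-on-reverseproxy.otherfq.domainname/adfs/ls/"))
```

The second call shows the direction a fix has to take: the recipient check passes only when the endpoint the federation service is configured to expect is the one clients actually see, which behind a reverse proxy is the proxy's public name rather than the internal server name. Rewriting cookie domains at the proxy does not change the `Recipient` baked into the token, so it cannot make this particular check pass.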


  • Hi, this is a cookie problem, I believe.

    ProxyPassReverseCookieDomain perhaps could do something, but I am not sure yet.

    22 December 2011 15:14