ADFS 3.0 and Azure MFA

  • Question

  • I've got an ADFS farm with WAPs.  I've also got Azure MFA server.  Both work separately as expected, but when I try to turn on MFA for a claim, I receive the following 2 events in my event log...

    Log Name:      AD FS/Admin
    Source:        AD FS
    Date:          5/27/2016 1:39:45 PM
    Event ID:      364
    Task Category: None
    Level:         Error
    Keywords:      AD FS
    User:          DOMAIN\ADFS_MSA
    Computer:      ADFS1.DOMAIN.com
    Description:
    Encountered error during federation passive request. 
    
    Additional Data 
    
    Protocol Name: 
    wsfed 
    
    Relying Party: 
    urn:federation:MicrosoftOnline 
    
    Exception details: 
    Microsoft.IdentityServer.RequestFailedException: No strong authentication method found for the request from urn:federation:MicrosoftOnline.
       at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.EvaluatePolicy(Boolean& isLastStage, AuthenticationStage& currentStage, Boolean& strongAuthRequried)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthMethodsFromAuthPolicyRules(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthenticationMethods(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
    
    
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
        <EventID>364</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000001</Keywords>
        <TimeCreated SystemTime="2016-05-27T17:39:45.167138800Z" />
        <EventRecordID>28372</EventRecordID>
        <Correlation ActivityID="{00000000-0000-0000-5E00-0080000000F5}" />
        <Execution ProcessID="4504" ThreadID="5052" />
        <Channel>AD FS/Admin</Channel>
        <Computer>ADFS1.DOMAIN.com</Computer>
        <Security UserID="S-1-5-21-269168588-1529296069-1648912389-70236" />
      </System>
      <UserData>
        <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
          <EventData>
            <Data>wsfed</Data>
            <Data>urn:federation:MicrosoftOnline</Data>
            <Data>Microsoft.IdentityServer.RequestFailedException: No strong authentication method found for the request from urn:federation:MicrosoftOnline.
       at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.EvaluatePolicy(Boolean&amp; isLastStage, AuthenticationStage&amp; currentStage, Boolean&amp; strongAuthRequried)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthMethodsFromAuthPolicyRules(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthenticationMethods(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
    
    </Data>
          </EventData>
        </Event>
      </UserData>
    </Event>

    And...

    Log Name:      AD FS/Admin
    Source:        AD FS
    Date:          5/27/2016 1:39:45 PM
    Event ID:      364
    Task Category: None
    Level:         Error
    Keywords:      AD FS
    User:          DOMAIN\ADFS_MSA
    Computer:      ADFS1.DOMAIN.com
    Description:
    Encountered error during federation passive request. 
    
    Additional Data 
    
    Protocol Name: 
    msisHttpProtocol 
    
    Relying Party: 
    urn:AppProxy:com 
    
    Exception details: 
    Microsoft.IdentityServer.RequestFailedException: No strong authentication method found for the request from urn:AppProxy:com.
       at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.EvaluatePolicy(Boolean& isLastStage, AuthenticationStage& currentStage, Boolean& strongAuthRequried)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthMethodsFromAuthPolicyRules(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthenticationMethods(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
    
    
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
        <EventID>364</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000001</Keywords>
        <TimeCreated SystemTime="2016-05-27T17:39:45.385884800Z" />
        <EventRecordID>28373</EventRecordID>
        <Correlation ActivityID="{3C1458DE-B781-0000-3259-143C81B7D101}" />
        <Execution ProcessID="4504" ThreadID="5052" />
        <Channel>AD FS/Admin</Channel>
        <Computer>ADFS1.DOMAIN.com</Computer>
        <Security UserID="S-1-5-21-269168588-1529296069-1648912389-70236" />
      </System>
      <UserData>
        <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
          <EventData>
            <Data>msisHttpProtocol</Data>
            <Data>urn:AppProxy:com</Data>
            <Data>Microsoft.IdentityServer.RequestFailedException: No strong authentication method found for the request from urn:AppProxy:com.
       at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.EvaluatePolicy(Boolean&amp; isLastStage, AuthenticationStage&amp; currentStage, Boolean&amp; strongAuthRequried)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthMethodsFromAuthPolicyRules(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthenticationMethods(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
    
    </Data>
          </EventData>
        </Event>
      </UserData>
    </Event>
    

    I went through and configured the MFA adapter on ADFS, and entered the proper credentials for the webSDK.

    Any info would be greatly appreciated.

    Tuesday, May 31, 2016 6:43 PM

All replies