• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1416
  • Last Modified:

Not authorized error 401 The requested resource requires user auhthentication

I get this error for ADFS when testing from inside using URL:
https://adfs.domain.com/adfs/ls/idpinitiatedsignon.aspx

Not authorized error 401 The requested resource requires user auhthentication

Please advice.
From outside SSO is working
0
claudiamcse
Asked:
claudiamcse
  • 5
1 Solution
 
claudiamcseAuthor Commented:
I also get this error when trying to browse to the following https://localhost/adfs/ls/
There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.
Reference number: 6b1bc739-0815-45cd-8e6e-e57b4224cc2a
0
 
claudiamcseAuthor Commented:
I verified that I have the default settings on the ADFS server:

 If AD FS IIS authentication settings are incorrect, or IIS authentication settings for AD FS Federation Services and Proxy Services don't match, one solution is to reset all IIS authentication settings to the default AD FS settings.

I have the correct settings on the ADFS server

Default Web Site/adfs      Anonymous authentication
Default Web Site/adfs/ls      Anonymous authentication
Windows authentication
0
 
Vasil Michev (MVP)Commented:
It's normal to get that error if you are accessing https://localhost/adfs/ls/

It it's the https://adfs.domain.com/adfs/ls/idpinitiatedsignon.aspx that is causing problems, check the default auth type you have configured. Some browsers do not support windows integrated auth, so that might be the problem.

Check the following links as well:

http://community.office365.com/en-us/forums/613/t/195089.aspx
http://robspitzer.wordpress.com/2012/04/02/reset-adfs-iis-permissions/
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
claudiamcseAuthor Commented:
It is actually started working now on all browsers except SAFARI after NTLM was moved up above Negotiate option on the Providers options. The resolution is below:
http://social.technet.microsoft.com/Forums/en-US/c9239a89-fbee-4adc-b72f-7a6a9648331f/401-unauthorized-access-is-denied-due-to-invalid-credentials?forum=winserversecurity

From inside using Safari we are never prompted with logon popup from ADFS server. From Outside using Safari Login page loads, but after entering credentials and clicking “Sign In” it returns back to the login page.

Please advice
0
 
claudiamcseAuthor Commented:
Disabled Extended Protection for Authentication but still not working from Safari (both outside and inside).

From Inside:
Getting the prompt now from sts.domain.com and after entering the credentials, we get this error in Safari:
Error: Too many redirects occurred trying to open sts.domain.com/adfs/ls

From Outside:
Getting the Form Authentication prompt from ADFS proxy. Then, after entering the credentials, the authentication prompt comes back blank again.
0
 
claudiamcseAuthor Commented:
Thank you very much! This resolved the issue
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now