Solved

Not authorized error 401 The requested resource requires user auhthentication

Posted on 2014-03-10
6
1,072 Views
Last Modified: 2014-12-22
I get this error for ADFS when testing from inside using URL:
https://adfs.domain.com/adfs/ls/idpinitiatedsignon.aspx

Not authorized error 401 The requested resource requires user auhthentication

Please advice.
From outside SSO is working
0
Comment
Question by:claudiamcse
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
6 Comments
 

Author Comment

by:claudiamcse
ID: 39919187
I also get this error when trying to browse to the following https://localhost/adfs/ls/
There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.
Reference number: 6b1bc739-0815-45cd-8e6e-e57b4224cc2a
0
 

Author Comment

by:claudiamcse
ID: 39919249
I verified that I have the default settings on the ADFS server:

 If AD FS IIS authentication settings are incorrect, or IIS authentication settings for AD FS Federation Services and Proxy Services don't match, one solution is to reset all IIS authentication settings to the default AD FS settings.

I have the correct settings on the ADFS server

Default Web Site/adfs      Anonymous authentication
Default Web Site/adfs/ls      Anonymous authentication
Windows authentication
0
 
LVL 42

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 39919776
It's normal to get that error if you are accessing https://localhost/adfs/ls/

It it's the https://adfs.domain.com/adfs/ls/idpinitiatedsignon.aspx that is causing problems, check the default auth type you have configured. Some browsers do not support windows integrated auth, so that might be the problem.

Check the following links as well:

http://community.office365.com/en-us/forums/613/t/195089.aspx
http://robspitzer.wordpress.com/2012/04/02/reset-adfs-iis-permissions/
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:claudiamcse
ID: 39923624
It is actually started working now on all browsers except SAFARI after NTLM was moved up above Negotiate option on the Providers options. The resolution is below:
http://social.technet.microsoft.com/Forums/en-US/c9239a89-fbee-4adc-b72f-7a6a9648331f/401-unauthorized-access-is-denied-due-to-invalid-credentials?forum=winserversecurity

From inside using Safari we are never prompted with logon popup from ADFS server. From Outside using Safari Login page loads, but after entering credentials and clicking “Sign In” it returns back to the login page.

Please advice
0
 

Author Comment

by:claudiamcse
ID: 39924063
Disabled Extended Protection for Authentication but still not working from Safari (both outside and inside).

From Inside:
Getting the prompt now from sts.domain.com and after entering the credentials, we get this error in Safari:
Error: Too many redirects occurred trying to open sts.domain.com/adfs/ls

From Outside:
Getting the Form Authentication prompt from ADFS proxy. Then, after entering the credentials, the authentication prompt comes back blank again.
0
 

Author Closing Comment

by:claudiamcse
ID: 40513354
Thank you very much! This resolved the issue
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enabling the Skype for Business Meeting Scheduler in Hybrid OWA
Microsoft is moving in-place eDiscovery & hold from ECP to EOP console under Content Search in Search and Investigation Options.  In this post, I will be showing you how to export emails to a PST file using the Content Search Options.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question