Solved

Not authorized error 401 The requested resource requires user auhthentication

Posted on 2014-03-10
6
920 Views
Last Modified: 2014-12-22
I get this error for ADFS when testing from inside using URL:
https://adfs.domain.com/adfs/ls/idpinitiatedsignon.aspx

Not authorized error 401 The requested resource requires user auhthentication

Please advice.
From outside SSO is working
0
Comment
Question by:claudiamcse
  • 5
6 Comments
 

Author Comment

by:claudiamcse
ID: 39919187
I also get this error when trying to browse to the following https://localhost/adfs/ls/
There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.
Reference number: 6b1bc739-0815-45cd-8e6e-e57b4224cc2a
0
 

Author Comment

by:claudiamcse
ID: 39919249
I verified that I have the default settings on the ADFS server:

 If AD FS IIS authentication settings are incorrect, or IIS authentication settings for AD FS Federation Services and Proxy Services don't match, one solution is to reset all IIS authentication settings to the default AD FS settings.

I have the correct settings on the ADFS server

Default Web Site/adfs      Anonymous authentication
Default Web Site/adfs/ls      Anonymous authentication
Windows authentication
0
 
LVL 39

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 39919776
It's normal to get that error if you are accessing https://localhost/adfs/ls/

It it's the https://adfs.domain.com/adfs/ls/idpinitiatedsignon.aspx that is causing problems, check the default auth type you have configured. Some browsers do not support windows integrated auth, so that might be the problem.

Check the following links as well:

http://community.office365.com/en-us/forums/613/t/195089.aspx
http://robspitzer.wordpress.com/2012/04/02/reset-adfs-iis-permissions/
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:claudiamcse
ID: 39923624
It is actually started working now on all browsers except SAFARI after NTLM was moved up above Negotiate option on the Providers options. The resolution is below:
http://social.technet.microsoft.com/Forums/en-US/c9239a89-fbee-4adc-b72f-7a6a9648331f/401-unauthorized-access-is-denied-due-to-invalid-credentials?forum=winserversecurity

From inside using Safari we are never prompted with logon popup from ADFS server. From Outside using Safari Login page loads, but after entering credentials and clicking “Sign In” it returns back to the login page.

Please advice
0
 

Author Comment

by:claudiamcse
ID: 39924063
Disabled Extended Protection for Authentication but still not working from Safari (both outside and inside).

From Inside:
Getting the prompt now from sts.domain.com and after entering the credentials, we get this error in Safari:
Error: Too many redirects occurred trying to open sts.domain.com/adfs/ls

From Outside:
Getting the Form Authentication prompt from ADFS proxy. Then, after entering the credentials, the authentication prompt comes back blank again.
0
 

Author Closing Comment

by:claudiamcse
ID: 40513354
Thank you very much! This resolved the issue
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In a previous video Micro Tutorial here at Experts Exchange (http://www.experts-exchange.com/videos/1358/How-to-get-a-free-trial-of-Office-365-with-the-Office-2016-desktop-applications.html), I explained how to get a free, one-month trial of Office …
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now