Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Not authorized error 401 The requested resource requires user auhthentication

Posted on 2014-03-10
6
966 Views
Last Modified: 2014-12-22
I get this error for ADFS when testing from inside using URL:
https://adfs.domain.com/adfs/ls/idpinitiatedsignon.aspx

Not authorized error 401 The requested resource requires user auhthentication

Please advice.
From outside SSO is working
0
Comment
Question by:claudiamcse
  • 5
6 Comments
 

Author Comment

by:claudiamcse
ID: 39919187
I also get this error when trying to browse to the following https://localhost/adfs/ls/
There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.
Reference number: 6b1bc739-0815-45cd-8e6e-e57b4224cc2a
0
 

Author Comment

by:claudiamcse
ID: 39919249
I verified that I have the default settings on the ADFS server:

 If AD FS IIS authentication settings are incorrect, or IIS authentication settings for AD FS Federation Services and Proxy Services don't match, one solution is to reset all IIS authentication settings to the default AD FS settings.

I have the correct settings on the ADFS server

Default Web Site/adfs      Anonymous authentication
Default Web Site/adfs/ls      Anonymous authentication
Windows authentication
0
 
LVL 40

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 39919776
It's normal to get that error if you are accessing https://localhost/adfs/ls/

It it's the https://adfs.domain.com/adfs/ls/idpinitiatedsignon.aspx that is causing problems, check the default auth type you have configured. Some browsers do not support windows integrated auth, so that might be the problem.

Check the following links as well:

http://community.office365.com/en-us/forums/613/t/195089.aspx
http://robspitzer.wordpress.com/2012/04/02/reset-adfs-iis-permissions/
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:claudiamcse
ID: 39923624
It is actually started working now on all browsers except SAFARI after NTLM was moved up above Negotiate option on the Providers options. The resolution is below:
http://social.technet.microsoft.com/Forums/en-US/c9239a89-fbee-4adc-b72f-7a6a9648331f/401-unauthorized-access-is-denied-due-to-invalid-credentials?forum=winserversecurity

From inside using Safari we are never prompted with logon popup from ADFS server. From Outside using Safari Login page loads, but after entering credentials and clicking “Sign In” it returns back to the login page.

Please advice
0
 

Author Comment

by:claudiamcse
ID: 39924063
Disabled Extended Protection for Authentication but still not working from Safari (both outside and inside).

From Inside:
Getting the prompt now from sts.domain.com and after entering the credentials, we get this error in Safari:
Error: Too many redirects occurred trying to open sts.domain.com/adfs/ls

From Outside:
Getting the Form Authentication prompt from ADFS proxy. Then, after entering the credentials, the authentication prompt comes back blank again.
0
 

Author Closing Comment

by:claudiamcse
ID: 40513354
Thank you very much! This resolved the issue
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Adoption of Microsoft’s Enterprise Mobility and Security solution and Office 365 will re-order the File Sync and Share market Microsoft has stated that its Enterprise Mobility + Security (EMS) is the fastest growing product in the history of the …
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question