Eprs_Admin asked:

ADFS Troubleshooting

Hi Experts,

Can you help me with ADFS troubleshooting?

When my client connects to ADFS, he has to choose between several certificates.
Is it possible to switch it off?

Do you have any guidelines on how to troubleshoot?
Maybe some sites to test?
Test authentication and so on?

Jeff Glover

We need more information on this. What do you mean, choose between several certificates? If the certificates are correct, he should never see anything like that. What version of ADFS are you running and what are you federating with?
  There are 3 certificates in ADFS. The service communications needs to be from a trusted external CA. The others, token signing and token decrypting, are self-signed certificates only used with a relying party trust.
  What happens when you test the connection? https://<your external ADFS Url>/adfs/ls/IdpInitiatedSignon.aspx
Share the screenshot, what exactly the user is trying to access, and the error faced by the user. I suspect the user is using the IDP URL or there is some configuration issue.
You cannot turn it off or specify a default. You can only remove the rest so that there's one.
I believe you are saying that users are presented with a drop-down list from which the user has to choose his relying party.
The solution to this is, when you configure the application, to add the ADFS idpsignon URL with a smartlink to the respective relying party.

https://www.enowsoftware.com/solutions-engine/using-smart-links-to-improve-the-login-process-to-office-365-applications

Eprs_Admin

ASKER

Hello,

Now I am sitting at another customer.
There is no ADFS issue right now.

But please can you give me some hints on how to troubleshoot first when we have problems with ADFS?

The test link is very useful. Thanks.

Do you have some other ways, maybe a checklist or something else?
From a troubleshooting perspective, you need to focus on both the IDP provider and the application using claims. If (as IDP provider) you configured the required claims for the application, then the next step is, from the application end, to use those claims and allow the login process. From the IDP end, you can review the ADFS logs by enabling them. You can also use tools like Fiddler to troubleshoot ADFS issues. Basically, this is what I use to check:

1) Check the services and logs related to ADFS. Make sure all services are running.
2) The directory provider is available, such as AD or SQL working.
3) Enable ADFS advanced logging and review for issues.
4) Work with the application team to understand claim requirements.
5) Check that the IDP URL is accessible and working fine.
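
A first-pass health check that follows the checklist above and the certificate and test-URL points made earlier in the thread, as an added example that is not part of any post. `adfs.example.com` is a placeholder host, and the script assumes an elevated PowerShell session on an AD FS server with the ADFS module available.

```powershell
# Added example: first-pass AD FS health check (not from the thread).
# $AdfsHost is a placeholder (assumption); replace it with your federation service name.
param([string]$AdfsHost = 'adfs.example.com', [int]$WarnDays = 30)

Import-Module ADFS -ErrorAction Stop

# 1) The AD FS Windows service (adfssrv) must be running.
$svc = Get-Service -Name adfssrv
"Service adfssrv: $($svc.Status)"

# 2) The three certificate roles mentioned in the thread; flag anything close to expiry.
Get-AdfsCertificate | ForEach-Object {
    $daysLeft = [int]($_.Certificate.NotAfter - (Get-Date)).TotalDays
    [pscustomobject]@{
        Type      = $_.CertificateType
        IsPrimary = $_.IsPrimary
        Subject   = $_.Certificate.Subject
        NotAfter  = $_.Certificate.NotAfter
        Status    = if ($daysLeft -lt 0) { 'EXPIRED' } elseif ($daysLeft -lt $WarnDays) { 'EXPIRING' } else { 'OK' }
    }
} | Format-Table -AutoSize

# 3) Recent errors (level 2) and warnings (level 3) from the AD FS admin log, last 24 hours.
$filter = @{ LogName = 'AD FS/Admin'; Level = 2, 3; StartTime = (Get-Date).AddHours(-24) }
Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List

# 4) Endpoints: federation metadata is a standard endpoint; the IdP-initiated sign-on
#    page only answers when it is enabled (it is off by default on AD FS 2016 and later).
"IdP-initiated sign-on page enabled: $((Get-AdfsProperties).EnableIdpInitiatedSignonPage)"
foreach ($path in '/FederationMetadata/2007-06/FederationMetadata.xml', '/adfs/ls/IdpInitiatedSignon.aspx') {
    try {
        $r = Invoke-WebRequest -Uri "https://$AdfsHost$path" -UseBasicParsing -TimeoutSec 15
        "{0,-55} HTTP {1}" -f $path, [int]$r.StatusCode
    } catch {
        "{0,-55} FAILED: {1}" -f $path, $_.Exception.Message
    }
}
```

Run the endpoint step a second time from a machine outside the network to separate AD FS problems from proxy, DNS, or firewall problems.
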
ASKER CERTIFIED SOLUTION
Jeff Glover
Thanks Jeff and Amit...:-)
I will look into it.

The request is coming from external.