Eprs_Admin
ADFS Troubleshooting
Hi Experts,
Can you help me with ADFS troubleshooting?
When my client connects to ADFS, he has to choose between several certificates.
Is it possible to switch it off?
Do you have any guidelines on how to troubleshoot?
Maybe some sites to test?
Test authentication and so on?
Share the screenshot, what exactly the user is trying to access, and the error faced by the user. I suspect the user is using the IDP URL or there is some configuration issue.
You cannot turn it off or specify a default. You can only remove the rest so that there's one.
I believe you are saying that users are presented with a drop-down list from which the user has to choose his relying party.
The solution to this is, when you configure the application, to add the ADFS idpsignon URL with a smart link to the respective relying party:
https://www.enowsoftware.com/solutions-engine/using-smart-links-to-improve-the-login-process-to-office-365-applications
ASKER
Hello,
Now I am sitting at another customer.
There is no ADFS issue right now.
But can you please give me some hints on how to troubleshoot first when we have problems with ADFS?
The test link is very useful. Thanks.
Do you have some other ways, maybe a checklist or something else?
For troubleshooting, you need to focus on both the IDP provider and the application using claims. If (as IDP provider) you configured the required claims for the application, then the next step is on the application end, to use those claims and allow the login process. On the IDP end, you can review the ADFS logs by enabling them. You can also use tools like Fiddler to troubleshoot ADFS issues. Basically, this is what I use to check:
1) Check the service and the logs related to ADFS. Make sure all services are running.
2) The directory provider is available, i.e. AD or SQL is working.
3) Enable ADFS advanced logging and review for issues.
4) Work with the application team to understand the claim requirements.
5) Access the IDP URL and check that it is working fine.
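The five checks above as one read-only first-look script, plus a certificate expiry listing. This is an added example, not code posted by anyone in the thread; it assumes an elevated Windows PowerShell 5.1 session on an AD FS server with the ADFS module that ships with the role, and the two endpoint paths are the standard AD FS ones rather than values taken from this thread.

```powershell
# Added example: read-only AD FS triage. Run elevated on an AD FS server.
# Assumes Windows PowerShell 5.1 and the ADFS module installed with the role.
Import-Module ADFS
$props = Get-AdfsProperties

# 1) Service state, recent warnings/errors, and certificate expiry
"adfssrv service: $((Get-Service -Name adfssrv).Status)"
Get-WinEvent -FilterHashtable @{
        LogName = 'AD FS/Admin'; Level = 1, 2, 3
        StartTime = (Get-Date).AddHours(-24)
    } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName,
        @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
Get-AdfsCertificate | ForEach-Object {
    [pscustomobject]@{
        Type      = $_.CertificateType
        IsPrimary = $_.IsPrimary
        NotAfter  = $_.Certificate.NotAfter
        DaysLeft  = [int]($_.Certificate.NotAfter - (Get-Date)).TotalDays
    }
} | Format-Table -AutoSize

# 2) Directory provider: domain secure channel and configuration database (WID or SQL)
"Domain secure channel healthy: $(Test-ComputerSecureChannel)"
$sts = Get-WmiObject -Namespace root/ADFS -Class SecurityTokenService
"Configuration database: $($sts.ConfigurationDatabaseConnectionString)"

# 3) Current logging configuration (raise it with Set-AdfsProperties -LogLevel when needed)
"LogLevel: $($props.LogLevel -join ', ')"

# 4) Relying party trusts and the claim rules issued to each application
Get-AdfsRelyingPartyTrust | Select-Object Name, Enabled, Identifier, IssuanceTransformRules | Format-List

# 5) IdP-initiated sign-on page and federation metadata, as seen from this machine
# EnableIdpInitiatedSignonPage is empty on versions that lack the property.
"IdP-initiated sign-on page enabled: $($props.EnableIdpInitiatedSignonPage)"
foreach ($path in '/adfs/ls/idpinitiatedsignon.aspx',
                  '/FederationMetadata/2007-06/FederationMetadata.xml') {
    try {
        $r = Invoke-WebRequest -Uri "https://$($props.HostName)$path" -UseBasicParsing -TimeoutSec 15
        '{0} -> HTTP {1}' -f $path, $r.StatusCode
    } catch {
        '{0} -> FAILED: {1}' -f $path, $_.Exception.Message
    }
}
```

Running the endpoint loop once on the server and once from an external client separates an AD FS fault from a proxy, DNS or firewall fault.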
ASKER
Thanks Jeff and Amit... :-)
I will look into it.
The request is coming from external.
There are 3 certificates in ADFS. The service communications needs to be from a trusted external CA. The others, token signing and token decrypting, are self-signed certificates only used with a relying party trust.
What happens when you test the connection? https://<your external ADFS Url>/adfs/ls/IdpInitiatedS