facing issue in the adfs and fedlet fedration

StackOverflow https://stackoverflow.com/questions/13454088

  •  30-11-2021
  •  | 
  •  

Question

I am also trying to explore the fedlet + adfs federation.

What I have is:

  1. an adfs server installed on machine A. I have also added the fedlet as the relying part but when I enter the replying party federation metadata url and click on test url its throwing me his exception : An error occurred while reading the federation metadata. Verify that the url or the host-name is valid federation metadata endpoint. But I have added the certificate of fedlet in the relying part and also set the algorithm is SHA-1.

  2. an openam setup is done on machine B. Added the the adfs certificate in the openam and in the tomcat on this same machine.

  3. created a fedlet using this openam build and have setup the adfs as my hosted identity provider which is installed on machine A. And this generated fedlet war is also deployed on machine B

What is happening:

  1. When I access the fedlet link from the browser of machine A it is having to links on click of line 1 it makes a call to the adfs and asks for adfs login credentials.

  2. Once I enter the credentials it redirects me back to the fedlet application, But the following exception is getting thrown:

Http status 500 - invalid status code in response.

I would be very thankful if anyone can help me with the solution for this exception.

Update:

When I decoded the response sent to the fedlet application using the saml tracer plugin of firefox I get the following:

pVZpk6LKEv3%2BIt5%2F6Oj5SHSzimh0d0QBLqiobKJ8ecFSIsgmBbL8%2Bov2OK%2B7x5k39z6JcMlKT9bJU5WZL8iOo2yoQpSlCYIPkvj6%2BB%2BX4TjW8ZinPU3vn5g9yz05LMs8eSzDEIRjk9CDj%2F%2F%2B18OX1wbmKEiT10fqmbizLCFUQilBhZ0UnQ9BUk8k%2BUQROjEY9ohhr%2F9M0rR1548iREWQ2MUV%2B1AUGRrieP18ffA99CJYfP%2BwsywK3KvnHRzhwvASu8yTYWqjAA0TO4ZoWLhDDciLYbfvofvuNCwTlEE32AfQu8cluWVMT18fEeUyFAG5Pst6vR7L0LTrsjTLUHZv4PaJHuvZLNlzaOJe1uo4StDwKsPvd5blaZG6aXQH4%2B3d9HJNcf4O%2BXswGyGYX%2FP0dslol1Db26NnL43tIHl20%2Fj6G%2B%2BczoELEV7kJSpe8PcAt3AeGmqB3ylT5vA7Dw%2B9S9QBVlX1XNHPae7jFEEQODHAOx8PBf63x7f%2FcrihQE9K9unbZ3KXRcFO0qRTNQraq7IyLA6p9wAiP82D4hD%2FIiCJk8Ql4BOs3SeXZJJvjw%2F4HfgfDP4Q9xORHNlP6GCT96FVuIc5TFz4YKjS6%2BO3P7tYbz%2FrewHTcztB%2BzSP0R2Hn5z%2BHg2YnGGUZtB7Qrds%2FMzon8X5ExmuqPj%2F4niJKwZ%2BVwz%2BiVL3VfqMu7GjEr55ZX9anpIN2bf6qoct96bqrszMOs92r9ddfnT%2BIjr%2BUfWPhxz%2F1Sn%2FdATfMXf2EqT0SJLI49QOGnqZm0WTJUpPTaaypiog27Pbs7tjTUFgGCsmZlFu2cfjckU006q%2FHkT7zelc78wGyQythpzobCYBNjuhY6GUROvaU2%2FPMP05e9R9ZtuPPMWWpVHsj%2Bt1eZhVcrPqp9i2EElWbQQqFARrMAl3PqUjESMYV9C1FOgL45zmlrW2R%2Bf%2BLmwXI08cGOo%2BwAesH6hj3%2B%2BdMNiGU7IsqNY%2FlHr37lq8OeZmNUkJ7KHAcDgZr0f2om8d0h5LMbXXXYOpv%2FHLw1JbgRmcmU5ixgfBXXBOnzvJRL4O%2Brs%2BNwbhVJm6XLOwkCILo%2FmZQ81JdzyIn4WDJ2VujCowckdBKWm2T58oAF5ff4jwIdcfhJjD5qLNrXr%2BvSp2k3LbIwaiXdi%2FOGeXZeFSePeXNgXfZEkS6C7BwLV9UEk88CXFoOK68sPVmBmDjCYtpwYKbMGS94%2BnwzGYDCqCBwoaAxHksnasZtVO3CiKOGp4Xh1ZujReZhbVy5zY9RcaT9sm09itX1pmr91tZ8UiXp4dHcBxRdRyOKpl0a3k1mDkkLevtvazTRZQPddBwvvLDQ9kXRqNR2ok%2BwYVJU4clVYDCmnqZU44y1dCL3KS5cGNiXJHDYqOHy%2BFX%2Fc%2BGgOwEoDCgcu64M%2B77yOQzeuUDHB9uuOqJZrI%2FcBuIW5PxxMu4bdYP%2FDS88KYZAZacO3By2miCEuVZ%2BtclRf0fn7Gp%2BegpbE6JVZy6ykGia1U3m0AEBkL2yxoYiEYRInlSdV4Hr6ar4Kgql1sPGkt6kTvBxUTCyaIHCTRbdavV4W%2F25BrsivLTTEjJ0Wk4dZ0MyvXihVmMuLoaGVtNqmhRhHGnYxeaRqN6QasFFcZq54napYw51lTj8wskQsNKD0qYo9OuLD0CO1VFVfpdWSRM2LJl%2BRaBAvZ3x7yqXscTBJB5wbqZK7vnXPeugI3O%2BSM0RLmCizNnSjHa0WjS42khd7a7Z82JEpzODpHI9USKJfWdoGAjs7BLxRJBArgZUBMBO000SSHFpURL1QGAEx33hTe8nLYqpQYOw3XAjvsT%2FltVyfWerYJnUgtx2OJYXYn2VDPYh1L3FkaVGo4XxaZcqIaQwudrZqmLhpVOzecjgWBNGe5iRlJuDrYbojpwuGEHTlmBU%2FmhK4yaZq4Jh3QvfocZlufqAmy8Bel4YOVtFtSq3mCHTcoL3DnCBtSbR14sPgQQUmiNDs4JtDugT1OcnYc6GW1sAG5Ya2d56i67i3pNVaLE6ewgbeeDTQ585Vdj1tjyr60HCoiG4xpbWuCTeudU2NGoG6zoBFhn%2BoNEnrixfpxEk6aza4AKcoJlipdUQyTZJxYuTZL5%2Bqq6wuxztIZu41509d0k8a74hMP5Hqzma5PUcnbalkY11Lz9bLf6RV3ysUL%2Fr0Q3aasT1XrZnwf27WiM37slZ%2FsQurBh2uZ%2B%2F0siK7eXd86lV1fg%2FlPde3%2FAJWScze4ectuXRLXaTedN5%2B78Av%2BFf0H7y8cb4bb5N2ZLs9f

The above code is in encoded form please decode it.

So according to my understanding the exception is coming due to some invalid nameid policy. How should I solve this problem?

Was it helpful?

Solution

"An error occurred while reading the federation metadata."

You can often ignore this. I assume your connection is https?

Why do you have a certificate for the fedlet? Are you trying to sign the AuthnResponse?

Look at the ADFS logging - How to Enable Debug Logging for Active Directory Federation Services 2.0 (AD FS 2.0)

Set logging on in the fedlet - in FederationConfig.properties:

#com.iplanet.services.debug.level=error
com.iplanet.services.debug.level=message

Look at the SAML data - ADFS : I want to see the SAML data

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top