Wikis - Page

Knowledge Doc: WS-Federation Authentication Request fails with error 200104067 The target domain is unknown

0 Likes

Summary
WS-Federation Authentication Request fails with error 200104067 The target domain is unknown. Contact your administrator. Cause: URL is not configured as a whitelist domain or it is invalid.

Products
Access Manager (NAM)

Environment
Access Manager 5.0.3
IDP Server has been configured as WS-Federation Identity Provider


WS-Fed: The wreply parameter is filtered. If the requested wreply is not in the white list, Identity Server does not login. However, if wreply is same as the provider's single logout or single sign-on URL domain, the request is accepted.

SAML2: For idpsend, the target parameter is filtered using this list. This list is not applicable for spsend.


Situation

  • The WS-Federation signin Request initiated by the SP fails with
  • 200104067 The target domain is unknown. Contact your administrator.
    Cause: URL is not configured as a whitelist domain or it is invalid.
    Action: If the URL is valid and required, contact the administrator to get it configured in the redirection whitelist.

Cause

  • the wreply parameter value has to match the complete sloUrl or ssoUrl stored within the WS-Fed SP and not just the domain. As the wreply parameter does not match an entry with the IDP Redirect Whitelist is required

Resolution

  • Add the domain used within the wreply parameter to the IDP server Redirection Whitelist

Knowledge Base Article Link


URL Name
KM000016922

Labels:

Support Tips/Knowledge Docs
Comment List
Related
Recommended