jamestaylor Contributor.

ADFS SPN requiring /adfs/services/trust/13/windowstransport


I've set up a single sign-on environment with AM 4.0.1 as the identity
provider and a remote ADFS server as the service provider to provide
access to a web-based custom app.
I've set up claims to allow access based on groups, and it has been in
operation for several months.
The application vendor is now introducing a new report printer that runs
on a local workstation in the local environment, and they are getting
an error that the
https://<server>/adfs/services/trust/13/windowstransport is not
accessible.
All of the vendor's other customers have ADFS as identity providers, and
the vendor support people are only fluent on the ADFS settings, not the
actual federated internals of it.
They say that this is a checkbox item on an ADFS server.
Is anyone familiar with this functionality, and what would be involved
to add it to my Access Manager configuration?


--
jamestaylor
------------------------------------------------------------------------
jamestaylor's Profile: https://forums.netiq.com/member.php?userid=5070
View this thread: https://forums.netiq.com/showthread.php?t=53536

Anonymous_User Absent Member.

Re: ADFS SPN requiring /adfs/services/trust/13/windowstransport

jamestaylor wrote:

>
> I've set up a single sign-on environment with AM 4.0.1 as the identity
> provider and a remote ADFS server as the service provider to provide
> access to a web-based custom app.
> I've set up claims to allow access based on groups, and it has been in
> operation for several months.
> The application vendor is now introducing a new report printer that
> runs on a local workstation in the local environment, and they are
> getting an error that the
> https://<server>/adfs/services/trust/13/windowstransport is not
> accessible.
> All of the vendor's other customers have ADFS as identity providers,
> and the vendor support people are only fluent on the ADFS settings,
> not the actual federated internals of it.
> They say that this is a checkbox item on an ADFS server.
> Is anyone familiar with this functionality, and what would be involved
> to add it to my Access Manager configuration?


Can you get a Fiddler trace or something similar?

--
Cheers,
Edward
jamestaylor Contributor.

Re: ADFS SPN requiring /adfs/services/trust/13/windowstransport


It looks like this is something on the SP side. The error on the
application is failing name resolution to a remote ADFS server.
I think it's a DNS error that they turned into a bigger problem because
we are running a "non-standard" environment.


--
jamestaylor
Anonymous_User Absent Member.

Re: ADFS SPN requiring /adfs/services/trust/13/windowstransport

jamestaylor wrote:

>
> It looks like this is something on the SP side. The error on the
> application is failing name resolution to a remote ADFS server.
> I think it's a DNS error that they turned into a bigger problem
> because we are running a "non-standard" environment.


By the looks of it the SP might be trying to call ADFS via a WS-Trust
call to exchange tokens. Hopefully you get it sorted out.

--
Cheers,
Edward
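
A staged check for the failure discussed in the posts above, separating a name-resolution problem from a problem with the endpoint itself. This is an added example, not part of the thread; `probe` and the host name passed to it are hypothetical, and only the endpoint path comes from the thread title.

```python
import socket
import ssl

# Path taken from the thread title; the host is supplied by the caller.
WINDOWSTRANSPORT_PATH = "/adfs/services/trust/13/windowstransport"


def probe(host, port=443, timeout=5.0,
          resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Return (stage, detail) for the first stage that fails.

    Stages: "dns" -> "tcp" -> "tls" -> "http". Reaching "http" means the
    name resolves, the port answers and the certificate validates, so any
    remaining error is about the endpoint or its authentication, not DNS.
    `resolve` and `connect` are injectable so the logic can be tested offline.
    """
    try:
        addrs = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))

    ip = addrs[0][4][0]  # first resolved address
    try:
        sock = connect((ip, port), timeout=timeout)
    except OSError as exc:  # refused, unreachable, timed out
        return ("tcp", f"{ip}: {exc}")

    ctx = ssl.create_default_context()  # verifies chain and host name
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            request = (f"GET {WINDOWSTRANSPORT_PATH} HTTP/1.1\r\n"
                       f"Host: {host}\r\nConnection: close\r\n\r\n")
            tls.sendall(request.encode("ascii"))
            status = tls.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        sock.close()
        return ("tls", str(exc))
    return ("http", status)
```

Run it from the workstation that hosts the report printer, since that is the machine whose resolver and network path matter.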
jamestaylor Contributor.

Re: ADFS SPN requiring /adfs/services/trust/13/windowstransport


That's exactly what it is.
I was able to determine where the configuration needs to be made in
Access Manager, but I'm at a loss as to how I need to set it up.
I believe I need some assistance from someone with more knowledge of
this than I have.
There seems to be an extreme lack of this type of resource.


--
jamestaylor
Anonymous_User Absent Member.

Re: ADFS SPN requiring /adfs/services/trust/13/windowstransport

jamestaylor wrote:

>
> That's exactly what it is.
> I was able to determine where the configuration needs to be made in
> Access Manager, but I'm at a loss as to how I need to set it up.
> I believe I need some assistance from someone with more knowledge of
> this than I have.
> There seems to be an extreme lack of this type of resource.


How an STS works isn't that hard, and WS-Trust isn't all that
complicated really, but how to do this in ADFS I really have no clue. It
can't be too complicated, I'd say.

--
Cheers,
Edward