Home

Results 1 to 6 of 6

Thread: ADFS SPN requiring /adfs/services/trust/13/windowstransport

Hybrid View

  1. #1
    Join Date
    Feb 2008
    Posts
    28

    ADFS SPN requiring /adfs/services/trust/13/windowstransport


    I've set up a single sign-on environment with AM 4.0.1 as the identity
    provider and a remote adfs server as the service provider to provide
    access to a web based custom app.
    I've set up claims to allow access based on groups, and it has been in
    operation for several months.
    The application vendor is now introducing a new report printer that runs
    on a local workstation in the local environment, and they are getting
    an error that the
    https://<server>/adfs/services/trust/13/windowstransport is not
    accessible.
    All of the vendors' other customers have ADSF as identity providers, and
    the vendor support people are only fluent on the ADFS settings, not the
    actual federated internals of it.
    They say that this a a checkbox item on an ADFS server.
    Is anyone familiar with this functionality, and what would be involved
    to add it to my Access Manager configuration?


    --
    jamestaylor
    ------------------------------------------------------------------------
    jamestaylor's Profile: https://forums.netiq.com/member.php?userid=5070
    View this thread: https://forums.netiq.com/showthread.php?t=53536


  2. #2
    Edward van der Maas NNTP User

    Re: ADFS SPN requiring /adfs/services/trust/13/windowstransport

    jamestaylor wrote:

    >
    > I've set up a single sign-on environment with AM 4.0.1 as the identity
    > provider and a remote adfs server as the service provider to provide
    > access to a web based custom app.
    > I've set up claims to allow access based on groups, and it has been in
    > operation for several months.
    > The application vendor is now introducing a new report printer that
    > runs on a local workstation in the local environment, and they are
    > getting an error that the
    > https://<server>/adfs/services/trust/13/windowstransport is not
    > accessible.
    > All of the vendors' other customers have ADSF as identity providers,
    > and the vendor support people are only fluent on the ADFS settings,
    > not the actual federated internals of it.
    > They say that this a a checkbox item on an ADFS server.
    > Is anyone familiar with this functionality, and what would be involved
    > to add it to my Access Manager configuration?


    Can you get a fiddler trace or something similar?

    --
    Cheers,
    Edward

  3. #3
    Join Date
    Feb 2008
    Posts
    28

    Re: ADFS SPN requiring /adfs/services/trust/13/windowstransport


    It looks like this is something on the SP side. The error on the
    application is failing name resolution to a remote adfs server.
    I think it's a dns error that they turned into a bigger problem because
    we are running a "non-standard" environment.


    --
    jamestaylor
    ------------------------------------------------------------------------
    jamestaylor's Profile: https://forums.netiq.com/member.php?userid=5070
    View this thread: https://forums.netiq.com/showthread.php?t=53536


  4. #4
    Edward van der Maas NNTP User

    Re: ADFS SPN requiring /adfs/services/trust/13/windowstransport

    jamestaylor wrote:

    >
    > It looks like this is something on the SP side. The error on the
    > application is failing name resolution to a remote adfs server.
    > I think it's a dns error that they turned into a bigger problem
    > because we are running a "non-standard" environment.


    By the looks of it the SP might be trying to call adfs via a WS-Trust
    call to exchange tokens. Hopefully you get it sorted out.

    --
    Cheers,
    Edward

  5. #5
    Join Date
    Feb 2008
    Posts
    28

    Re: ADFS SPN requiring /adfs/services/trust/13/windowstransport


    That's exactly what it is.
    I was able to determine where the configuration needs to be made in
    Access Manager, but I'm at a loss as to how I need to set it up.
    I believe I need some assistance from someone with more knowledge of
    this than I have.
    There seems to be an extreme lack of this type of resource.


    --
    jamestaylor
    ------------------------------------------------------------------------
    jamestaylor's Profile: https://forums.netiq.com/member.php?userid=5070
    View this thread: https://forums.netiq.com/showthread.php?t=53536


  6. #6
    Edward van der Maas NNTP User

    Re: ADFS SPN requiring /adfs/services/trust/13/windowstransport

    jamestaylor wrote:

    >
    > That's exactly what it is.
    > I was able to determine where the configuration needs to be made in
    > Access Manager, but I'm at a loss as to how I need to set it up.
    > I believe I need some assistance from someone with more knowledge of
    > this than I have.
    > There seems to be an extreme lack of this type of resource.


    How an STS works isn't that hard and the WS-Trust isn't all that
    complicated really but how to do this in ADFS I really have no clue. It
    can't be too complicated I'd say.

    --
    Cheers,
    Edward

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •