Authentication fails when you try to sign in to an application on a Windows Server 2012 R2-based AD FS instance

View products that this article applies to.

Symptoms

Consider the following scenario:

You federate an application through a Windows Server 2012 R2-based AD FS (Active Directory Federation Services) instance that is an identity provider for the application.
You define a Relying Party (RP) trust to the application on the AD FS instance. Additionally, you configure the application to send signed SAML requests that have percent-encoded characters in uppercase to the AD FS instance.
You define a Claims Provider trust on the Windows Server 2012 R2-based AD FS instance to point to another AD FS instance that has an RP trust defined.
You try to sign in to the application, and then the Home Realm Discovery page is displayed.

In this scenario, you cannot sign in to the application because the signature verification fails. Additionally, event ID 303 is logged on the AD FS instance, and it contains the following error message:

The Federation Service encountered an error while processing the SAML authentication request.

↑ Back to the top

Resolution

To resolve this problem, install the November 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More Information

See the terminology that Microsoft uses to describe software updates.

↑ Back to the top

Applies to:

↑ Back to the top

Keywords: kbqfe, kbfix, kbsurveynew, kbexpertiseadvanced, kb

↑ Back to the top

Article Info

Article ID	:	3004496
Revision	:	1
Created on	:	1/7/2017
Published on	:	1/7/2015
Exists online	:	False
Views	:	210

Microsoft KB Archive Search

Authentication fails when you try to sign in to an application on a Windows Server 2012 R2-based AD FS instance

Symptoms

Resolution

Status

More Information

Applies to: