
I'm trying to set up the Windows Azure Pack Admin Site with authentication from ADFS. I followed the installation checklist from TechNet (http://technet.microsoft.com/en-us/library/dn469338.aspx). ADFS works fine for a lot of other applications in our environment, but here I get a server error:

SecurityTokenValidationException: ID4220: The SAML Assertion is either not signed or the signature's KeyIdentifier cannot be resolved to a SecurityToken. Ensure that the appropriate issuer tokens are present on the token resolver. To handle advanced token resolution requirements, extend SamlTokenSerializer and override ReadToken.

The configuration database knows the correct token-signing certificate, but the application will always throw an Error 500 at me.

TGlatzer

1 Answer


Well, I resolved the problem.

Microsoft's deployment guide (http://technet.microsoft.com/en-us/library/dn469336.aspx) about how to deploy Windows Azure Pack with ADFS misses one little fact: the Relying Party has to have EnableJWT set to true. Thanks for being precise about that in the manual...

Here's the PowerShell snippet to adjust the RP:

Set-AdfsRelyingPartyTrust -TargetIdentifier http://azureservices/AdminSite -EnableJWT $true
TGlatzer
  • It is mentioned here: http://blogs.technet.com/b/privatecloud/archive/2013/12/17/federated-identities-to-windows-azure-pack-through-ad-fs-part-2-of-3.aspx – rbrayb Jan 20 '14 at 00:21
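An added PowerShell check (not from the answer above, not Microsoft's code) that reports whether the relying party trust already has EnableJWT set, applies the fix from the answer if it does not, and prints the primary token-signing certificate thumbprint so it can be compared with the one registered in the Azure Pack configuration database. It assumes the RP identifier from the answer and is run on the AD FS server with the ADFS module loaded.

```powershell
# Added example: verify and fix the Azure Pack Admin Site relying party trust.
# Assumption: the identifier below is the one used in the answer.
$rpIdentifier = 'http://azureservices/AdminSite'

# Look up the relying party trust by its identifier.
$rp = Get-AdfsRelyingPartyTrust -Identifier $rpIdentifier
if (-not $rp) {
    throw "No relying party trust found for identifier $rpIdentifier"
}

Write-Host "Relying party : $($rp.Name)"
Write-Host "EnableJWT     : $($rp.EnableJWT)"

if (-not $rp.EnableJWT) {
    # Apply the fix from the answer, then re-read the trust to confirm it stuck.
    Set-AdfsRelyingPartyTrust -TargetIdentifier $rpIdentifier -EnableJWT $true
    $rp = Get-AdfsRelyingPartyTrust -Identifier $rpIdentifier
    Write-Host "EnableJWT now : $($rp.EnableJWT)"
}

# ID4220 says the signature's KeyIdentifier could not be resolved to a known
# token, so print the primary token-signing certificate AD FS currently uses;
# compare this thumbprint against the one the configuration database trusts.
Get-AdfsCertificate -CertificateType Token-Signing |
    Where-Object { $_.IsPrimary } |
    ForEach-Object {
        Write-Host "Token-signing : $($_.Thumbprint) (expires $($_.Certificate.NotAfter))"
    }
```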