Very simple setup 2 adfs BE Servers and one proxy. Application name https://adfsapps.abc.local/ADFSApp1/ (basic Claims aware App). STS url is STS2.abc.local. If Application is published as Pass-Thru it works fine But if Pre-Authentication is used then getting errors 511 which says -
The incoming sign-in request is not allowed due to an invalid Federation Service configuration.
Request url: /adfs/ls?version=1.0&action=signin&realm=urn'%'3AAppProxy'%'3Acom&appRealm=39015c2f-5b7e-e511-80be-00155d1b2104&returnUrl=https'%'3A'%'2F'%'2Fadfsapps.abc.local'%'2FADFSApp1'%'2F&client-request-id=356DDEB4-1336-0000-1EE6-6D353613D101
User Action: Examine the Federation Service configuration and take the following actions: Verify that the sign-in request has all the required parameters and is formatted correctly. Verify that a web application proxy relying party trust exists, is enabled, and has identifiers which match the sign-in request parameters. Verify that the target relying party trust object exists, is published through the web application proxy, and has identifiers which match the sign-in request parameters.
AND Error 364 - Encountered error during federation passive request.
Additional Data Protocol Name: Relying Party: Exception details: Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7009: The request was malformed or not valid. Contact your administrator for details. at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.ValidateSignInContext(MSISHttpSignInRequestContext msisContext, WrappedHttpListenerRequest request) at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request) at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler) at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
The events get generated at the BE Servers. Any help would be highly appreciated.
