First, I am new to the topics of ADFS and reverse proxies. The goal is single sign-on OAuth2 authentication for an SPA web application.
I have an on-premises ADFS server called "Server-A", which is on "Domain-A", and a web server called "Server-B", which is on "Domain-B". I also have one proxy server called "Server-C". Now, if any user wants to access any resource on my web server (Server-B), they need to authenticate first, and this happens via ADFS (Server-A); the ADFS call goes through the proxy, Server-C.
Problem –
If I access the ADFS server directly (without the proxy), the user is able to log in and I get both the token and the claims. But if I access it via the proxy, then posting back the token throws the error below (found in the ADFS event log) –
Encountered error during federation passive request.
Additional Data
Protocol Name:
wsfed
Relying Party:
Exception details:
System.ArgumentNullException: Value cannot be null.
Parameter name: encodedGenericRequest
at Microsoft.IdentityServer.Web.Protocols.GenericProtocolRequest..ctor(String encodedGenericRequest)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.GetOriginalRequestFromResponse(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
I am using ADFS 3.0 on Windows Server 2012 R2, and the reverse proxy uses ARR and the URL Rewrite module on IIS.
I am looking for a solution for the above issue.
Thanks in advance.
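One first check a practitioner would make, added here as an example and not part of the original post or of ADFS itself: the failing frame in the trace is GetOriginalRequestFromResponse with a null encodedGenericRequest, so it is worth confirming that the form fields of the sign-in POST to /adfs/ls/ (wa, wresult, wctx) arrive at ADFS through Server-C exactly as they do when ADFS is called directly. The script assumes you can obtain the raw POST body of both requests (from proxy request logging or a browser developer-tools export); the two captures embedded below are constructed, not real tokens.

```python
"""
Diagnostic for the WS-Federation sign-in POST discussed above.
Added example: not code from the original post, from ADFS or from IIS/ARR.
It assumes you have one capture of the /adfs/ls/ POST body taken without
the proxy and one taken through it. The captures below are constructed.
"""
from urllib.parse import parse_qs

# Form fields a WS-Federation sign-in response POST carries back to the STS.
REQUIRED_FIELDS = ("wa", "wresult", "wctx")


def parse_wsfed_post(body: str) -> dict:
    """Parse an application/x-www-form-urlencoded body into {field: value}.
    A field that appears more than once is kept as a list so duplicates show."""
    parsed = parse_qs(body, keep_blank_values=True)
    return {k: (v[0] if len(v) == 1 else v) for k, v in parsed.items()}


def check_signin_post(body: str) -> list:
    """Return a list of findings (empty means nothing obviously wrong)."""
    fields = parse_wsfed_post(body)
    findings = []
    for name in REQUIRED_FIELDS:
        if name not in fields:
            findings.append(f"missing field: {name}")
        elif isinstance(fields[name], list):
            findings.append(f"duplicated field: {name}")
        elif fields[name] == "":
            findings.append(f"empty field: {name}")
    wa = fields.get("wa")
    if isinstance(wa, str) and wa not in ("", "wsignin1.0"):
        findings.append(f"unexpected wa value: {wa!r}")
    wresult = fields.get("wresult")
    if isinstance(wresult, str) and wresult and \
            "RequestSecurityTokenResponse" not in wresult:
        findings.append("wresult does not contain a RequestSecurityTokenResponse")
    return findings


def diff_captures(direct_body: str, proxied_body: str) -> dict:
    """Compare the direct and the proxied capture field by field."""
    a, b = parse_wsfed_post(direct_body), parse_wsfed_post(proxied_body)
    return {
        "only_direct": sorted(set(a) - set(b)),
        "only_proxied": sorted(set(b) - set(a)),
        "changed": sorted(k for k in set(a) & set(b) if a[k] != b[k]),
    }


def report(direct_body: str, proxied_body: str) -> str:
    """Human-readable summary of both checks."""
    lines = ["direct : " + (", ".join(check_signin_post(direct_body)) or "ok"),
             "proxied: " + (", ".join(check_signin_post(proxied_body)) or "ok")]
    for key, names in diff_captures(direct_body, proxied_body).items():
        if names:
            lines.append(f"{key}: {', '.join(names)}")
    return "\n".join(lines)


# Constructed sample captures (placeholder token, not a real ADFS response):
# the same POST as logged without the proxy and as it arrived through it.
DIRECT_CAPTURE = (
    "wa=wsignin1.0"
    "&wresult=%3Ct%3ARequestSecurityTokenResponse%3ETOKEN"
    "%3C%2Ft%3ARequestSecurityTokenResponse%3E"
    "&wctx=rm%3D0%26id%3Dpassive%26ru%3D%252f"
)
PROXIED_CAPTURE = (
    "wa=wsignin1.0"
    "&wresult=%3Ct%3ARequestSecurityTokenResponse%3ETOKEN"
    "%3C%2Ft%3ARequestSecurityTokenResponse%3E"
)

if __name__ == "__main__":
    print(report(DIRECT_CAPTURE, PROXIED_CAPTURE))
```

Run it against your own two captures in place of the constructed ones; a field listed under only_direct or changed is one the proxy dropped or rewrote, and that is the first thing to look at in the ARR and URL Rewrite configuration on Server-C before suspecting ADFS.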