KumarNaveen-9631 asked

Azure ADFS MFA

Hello All,

I have enabled Azure MFA on ADFS. While testing from https://aka.ms/mfasetup I am getting the error message below. I followed multiple blogs and implemented suggestions like the UPN update etc.

Could anyone please suggest a solution for this error?

AADSTS50107: The requested federation realm object 'http://sso.xyz.com/adfs/services/trust' does not exist.

Thanks
Naveen

Tags: azure-active-directory, adfs

piaudonn answered

This is not an ADFS error. This is an Azure AD error (I added the Azure AD tag).

This basically says that the federation settings you have for this domain in Azure AD do not match the actual ID of your ADFS deployment, or at least not the ID that ADFS issued in its tokens.

Assuming you don't have a multiple-domain environment, the following commands should return the same thing:

 # from a machine with the MSOnline module installed and connected
 (Get-MsolDomainFederationSettings -DomainName <your domain here>).IssuerUri


 # from an ADFS server
 (Get-ADFSProperties).Identifier

Then you need the proper claim issuance rules. You can generate them with this wizard if you are not sure which ones should be set: https://adfshelp.microsoft.com/AadTrustClaims/ClaimsGenerator.

If you have a multiple-domain environment let us know, it might be a bit different. Ultimately, we use the user's UPN to generate the IssuerID in the token. That also might be why you see posts here and there mentioning UPN issues. What is your current UPN situation? Routable domain name? Matching the email address?

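As an added example (not from the answer above or from Microsoft's tooling), the comparison the answer asks for, written as a small PowerShell function. The two URIs fed to it are the ones posted later in this thread; in a live environment they come from `(Get-MsolDomainFederationSettings -DomainName <domain>).IssuerUri` and `(Get-AdfsProperties).Identifier`.

```powershell
# Added example: check whether the IssuerUri Azure AD has stored for the federated
# domain is the same string ADFS puts into the issuer of its tokens. Azure AD matches
# the token issuer against IssuerUri as a string, so host, scheme, case and even a
# trailing slash all have to agree; any difference surfaces as AADSTS50107.
function Compare-FederationIssuer {
    param(
        # value of (Get-MsolDomainFederationSettings -DomainName <domain>).IssuerUri
        [Parameter(Mandatory)] [string] $AzureIssuerUri,
        # value of (Get-AdfsProperties).Identifier, run on an ADFS server
        [Parameter(Mandatory)] [string] $AdfsIdentifier
    )
    $azure = [Uri] $AzureIssuerUri
    $adfs  = [Uri] $AdfsIdentifier

    $samePathIgnoringSlash = $azure.AbsolutePath.TrimEnd('/') -ceq $adfs.AbsolutePath.TrimEnd('/')

    [pscustomobject]@{
        AzureIssuerUri       = $AzureIssuerUri
        AdfsIdentifier       = $AdfsIdentifier
        ExactMatch           = ($AzureIssuerUri -ceq $AdfsIdentifier)
        SchemeMatches        = ($azure.Scheme -eq $adfs.Scheme)
        HostMatches          = ($azure.Host -eq $adfs.Host)          # DNS names are case-insensitive
        PathMatches          = ($azure.AbsolutePath -ceq $adfs.AbsolutePath)
        TrailingSlashDiffers = ($samePathIgnoringSlash -and -not ($azure.AbsolutePath -ceq $adfs.AbsolutePath))
    }
}

# Sample values copied from the thread (no tenant or ADFS farm needed to run this):
$result = Compare-FederationIssuer `
    -AzureIssuerUri 'http://abcservice.com/adfs/services/trust/' `
    -AdfsIdentifier 'http://sso.abcservice.com/adfs/services/trust'
$result | Format-List

if (-not $result.ExactMatch) {
    Write-Warning ("Issuer mismatch: Azure AD expects '{0}' but ADFS issues '{1}'." -f `
        $result.AzureIssuerUri, $result.AdfsIdentifier)
    # The correction is made on the Azure AD side, so the domain points at the identifier
    # ADFS really uses. Either of these does it (run only after confirming the mismatch):
    #   Set-MsolDomainFederationSettings -DomainName abcservice.com -IssuerUri $result.AdfsIdentifier
    #   Update-MsolFederatedDomain -DomainName abcservice.com   # from an ADFS server
}
```

For the values in this thread the output shows HostMatches and PathMatches both False and TrailingSlashDiffers True, i.e. the Azure AD entry disagrees with ADFS on both the hostname and the trailing slash.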

No multiple domain. I have generated the claims from the Azure script which is given on the portal.

 c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/UPN"), query = "samAccountName={0};mail;{1}", param = regexreplace(c.Value, "(?<domain>[^\\]+)\\(?<user>.+)", "${user}"), param = c.Value);

 c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(store = "Active Directory", types = ("http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID"), query = "samAccountName={0};objectGUID;{1}", param = regexreplace(c.Value, "(?<domain>[^\\]+)\\(?<user>.+)", "${user}"), param = c.Value);
KumarNaveen-9631 answered

Hello @piaudonn

Sorry for the delayed response. Thank you very much for the reply. I am getting the details below.
I have tried to check from Azure AD Connect and was able to see the configuration, but I am getting an error message on "Verify federated login":

 The federation service name sso.abcservice.com cannot be resolved. Confirm that the federation service name is registered in DNS and is resolvable from this server.

Azure -

 http://abcservice.com/adfs/services/trust/

ADFS -

AbsolutePath : /adfs/services/trust
AbsoluteUri : http://sso.abcservice.com/adfs/services/trust
LocalPath : /adfs/services/trust
Authority : sso.abcservice.com
HostNameType : Dns
IsDefaultPort : True
IsFile : False
IsLoopback : False
PathAndQuery : /adfs/services/trust
Segments : {/, adfs/, services/, trust}
IsUnc : False
Host : sso.abcservice.com
Port : 80
Query :
Fragment :
Scheme : http
OriginalString : http://sso.abcservice.com/adfs/services/trust
DnsSafeHost : sso.abcservice.com
IdnHost : sso.abcservice.com
IsAbsoluteUri : True
UserEscaped : False
UserInfo :

Please suggest.

Thanks
Naveen
