AD FS may produce “An error occurred” page when logging in or performing Test Connection
Problem: AD FS may produce “An error occurred” page when logging in or performing Test Connection
Symptom: you may find an error like this in the Windows Event Logs for AD FS on the AD
FS server:
Microsoft.IdentityServer.Web.InvalidScopeException:
MSIS7007: The requested relying party trust
'https://172.31.46.208/remote_auth/metadata' is unspecified or unsupported. If
a relying party trust was specified, it is possible that you do not have permission
to access the trust relying party. Contact your administrator for details.
Solution:
In CPM under General Settings > Identity
Provider you’ll want to ensure that the CPM IP or DNS is set to match the CPM_ADDRESS in this example image in AD FS:
Field in CPM > General Settings > Identity Provider :
Related Articles
How to Integrate CPM with ADFS to allow Idp logins from windows AD users
Background: This How-To guide will outline how to configure CPM and a windows ADFS server to allow IdP logins. Before you get started you will need to check the prerequisites. This is very important. If they are not met or the Domain and any of the ...Failed to open IdP login page or to test connection with the errors: "HTTP Error 503. The service is unavailable." or "404 - File or directory not found."
Issue: When trying to connect to IdP from CPM, you may receive errors: "HTTP Error 503. The service is unavailable." or "404 - File or directory not found." There are no errors in the AD FS event log or OKTA System logs, as well as CPM logs. ...Login to the CPM using an IDP may fail with the "Invalid issuer" error message
If you're using an IDP, login to the CPM may fail with the following error message: login failed. reason: Invalid issuer in the Assertion/Response (invalid_response): It also may be found in the cpm_server.log: ERROR: ...Failed to login to AD FS with the error: "The status code of the Response was not Success, was Requester -> urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy (invalid_response)"
Issue: When trying to login to AD FS from CPM, you may receive an error: "The status code of the Response was not Success, was Requester -> urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy (invalid_response)" The same error can be found in the ...Logging into CPM using Identity Provider may fail with an error "An error occurred"
Issue: When trying to log in to CPM, you may receive the following error: In the CPM log files, there will be no related error messages, but in the Windows Event viewer you can find these errors: AD FS errors 261 and/or 364: AD FS error 364: AD FS ...