As you may know, I work with Microsoft products, SharePoint specifically lately. I ran into an issue with the setup of utilizing ADFS as a claim token provider for authentication on a specific URL.
The issue was…
Error: ID3204: WS-Federation SignIn request must specify a ‘wtrealm’ or ‘wreply’
There was more to this with custom errors on. I like it when I get the full spiel from .NET.
While I care very much for wreply in my situation, I didn’t initially get what was broken… the setup of a token issuer is quite simple, especially ADFS; it’s less fuss and a Microsoft product. Plus my scripts usually don’t fail me much.
After a quick working environment comparison and running a few PowerShell scripts, I saw that my realm providers did not have the URN attached.
A quick clear of the values:
$ap = Get-SPTrustedIdentityTokenIssuer
Then I re-ran my script… and voilà…
The urn:fancy1:fancy1 provider realm matches the ADFS relying party I had set up before. Now my site works…
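For anyone hitting the same ID3204 error, here is an added example (my own illustration, not the script from the post above) of inspecting, re-attaching and verifying the provider realm on the trusted identity token issuer. It assumes the SharePoint Management Shell, a single issuer, and a placeholder web application URL; the realm urn:fancy1:fancy1 is the one from the post and must equal the relying party identifier configured in ADFS.

```powershell
# Added example, not the post's own script. Assumes the SharePoint
# Management Shell, exactly one trusted identity token issuer, and a
# placeholder web application URL. The realm value is taken from the post.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl = [Uri]"https://sharepoint.example.com"   # placeholder web app URL
$realm   = "urn:fancy1:fancy1"                       # ADFS relying party identifier

$ap = Get-SPTrustedIdentityTokenIssuer
if ($ap -is [array]) { throw "More than one issuer found; use -Identity to pick one" }

# 1. Check what is attached today. A missing entry for the site URL means
#    SharePoint sends no wtrealm to ADFS, which is what ID3204 complains about.
"Provider realms before:"
$ap.ProviderRealms.GetEnumerator() | Format-Table Key, Value -AutoSize

# 2. Clear the stale values (this removes every mapping on the issuer) and
#    attach the realm for this site URL, then persist the change.
$ap.ProviderRealms.Clear()
$ap.ProviderRealms.Add($siteUrl, $realm)
$ap.Update()

# 3. Verify the mapping before trying a sign-in again.
$attached = $ap.ProviderRealms[$siteUrl]
if ($attached -ne $realm) {
    throw "Realm mismatch for $siteUrl : got '$attached', expected '$realm'"
}
"Provider realms after:"
$ap.ProviderRealms.GetEnumerator() | Format-Table Key, Value -AutoSize
```

If the realm printed in step 3 does not match the identifier on the ADFS relying party trust, ADFS will reject the sign-in even though SharePoint now sends a wtrealm, so check both sides.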