SharePoint 2013: Error: ID3204: WS-Federation SignIn request must specify a ‘wtrealm’ or ‘wreply’

As you may know, I work with Microsoft products, SharePoint specifically lately. I ran into an issue with the setup of utilizing ADFS as a claim token provider for authentication on a specific URL.

The issue was…

Error: ID3204: WS-Federation SignIn request must specify a ‘wtrealm’ or ‘wreply’

There was more to this with custom errors on. I like it when I get the full spiel from .NET.

While I care very much for wreply in my situation, I didn’t get initially what was broken… the setup of a token issuer is quite simple, especially ADFS, it’s less fuss and a Microsoft product. Plus my scripts usually don’t fail me much.

After a quick working environment comparison and running a few PowerShell scripts, I saw that my realm providers did not have the URN attached.

Key                                        Value
---                                        -----
https://URL1/
https://URL2/
https://URL3/
https://URL4/
https://URL5/
https://URL6/
https://URL7/

Bah Humbug…

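A quick clear of the values.

# Assumes the farm has a single trusted identity token issuer (no -Identity given)
$ap = Get-SPTrustedIdentityTokenIssuer
# Drop every URL -> realm mapping, then persist the change to the farm
$ap.ProviderRealms.Clear()
$ap.Update()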

And re-run my script… and voila…

Key                                        Value
---                                        -----
https://URL1/                              urn:fancy1:fancy1
https://URL2/                              urn:fancy1:fancy1
https://URL3/                              urn:fancy1:fancy1
https://URL4/                              urn:fancy1:fancy1
https://URL5/                              urn:fancy1:fancy1
https://URL6/                              urn:fancy1:fancy1
https://URL7/                              urn:fancy1:fancy1

The urn:fancy1:fancy1 provider realm matches the ADFS relying party I had set up before. Now my site works…
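One way to audit and repair the mappings without clearing everything first, as an added example that is not the author's script. The issuer name 'ADFS' is an assumption, and the URLs and URN are the placeholders shown in the output above.

```powershell
# Added example (not the author's script). Run from the SharePoint 2013 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName = 'ADFS'   # assumption: replace with your trusted identity token issuer name

# URL -> realm URN mappings the relying party expects (placeholders from the post)
$expected = @{
    'https://URL1/' = 'urn:fancy1:fancy1'
    'https://URL2/' = 'urn:fancy1:fancy1'
    'https://URL3/' = 'urn:fancy1:fancy1'
}

$ap = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName

# 1. Audit: report every mapping whose realm value is empty (the state behind ID3204)
$empty = @($ap.ProviderRealms.GetEnumerator() |
    Where-Object { [string]::IsNullOrEmpty($_.Value) })
foreach ($entry in $empty) {
    Write-Warning "No realm URN set for $($entry.Key)"
}

# 2. Repair: set only the mappings that are missing or differ from the expected URN
$changed = $false
foreach ($url in $expected.Keys) {
    $uri  = New-Object System.Uri($url)
    $want = $expected[$url]

    if ($ap.ProviderRealms.ContainsKey($uri)) {
        if ($ap.ProviderRealms[$uri] -eq $want) { continue }   # already correct
        [void]$ap.ProviderRealms.Remove($uri)                   # wrong or empty value
    }
    $ap.ProviderRealms.Add($uri, $want)
    $changed = $true
}

# 3. Persist only when something changed, then show the resulting table
if ($changed) { $ap.Update() }
$ap.ProviderRealms
```

Empty-valued entries for URLs that are not in `$expected` are only reported by step 1, not modified.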

 

 

 

 
