Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

Archive for the ‘Troubleshooting’ Category

(2015-07-10) HTTP Error 400 Bad Request – Error When Accessing Claims Based Website

Posted by Jorge on 2015-07-10


Do you have a claims based website and do you get the following error when accessing the website?

image

Figure 1: HTTP Error 400 – Bad Request

Does the problem go away if you remove a large number of claims rules that issue a large number of claims? If yes, the issues is most likely that the "Request header too long", although it is not mentioned. When that happens, in this case, the user is not necessarily a member of too many groups. In this too many claims having generated and presented to the application. The solution is to increase the default HTTP header or packet size. See the first article on the list of articles below to understand how to solve it. However, Instead of increasing the HTTP header or packet size, see if you can optimize the claims rules to process/issue less claims!

After configuring this, reboot the server!!

Additional Information:

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Advertisement

Posted in Active Directory Federation Services (ADFS), Claims, Claims Based Apps, Security Tokens, Troubleshooting | 1 Comment »

(2015-07-06) HTTP Error 503 The Service Is Unavailable – When Accessing Claims Based Website Or Federation Metadata URL

Posted by Jorge on 2015-07-06


Do you have a claims based website and do you get the following error when either accessing the website or the federation metadata of the application?

image

Figure 1: HTTP Error 503 – Service Unavailable

To try to resolve this error, do the following:

  • Check the credentials of the user account in the web application pool that is servicing the claims based application
  • Check if either the user account in the web application pool that is servicing the claims based application or the builtin group IIS_IUSRS has the user right "Log On As A Batch Job" on the server running the claims based application
  • Make sure the web application pool is running and not stopped

After configuring this, execute GPUPDATE /FORCE and IISRESET

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Posted in Active Directory Federation Services (ADFS), Claims Based Apps, Federation Metadata, Troubleshooting | Leave a Comment »

 
%d bloggers like this: