This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

RSA Authentication Agent for Web 7.1.2 on Microsoft IIS and Windows 2008 Server R2 has http 500 error when protecting ADFS Ver. 2.0

Article Number

000032644

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Web
RSA Version/Condition: 7.1.2 for IIS
Platform: Windows
O/S Version: 2008 Server R2 Standard (64 bit)

Issue

ADFS ver. 2.0 on Windows 2008 R2 can be protected with the IIS Web agent, not the newer AD FS agent ver. 1.0.1.  2-factor Authentication not working, when protect the Web Site then access; it gets this error
Image descriptionImage description
 

Server Error
500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
 


Also it gets this error.
Image descriptionImage description
HTTP 500 error with MSIS7012
You may also see HTTP 401, HTTP 402, HTTP 403 or HTTP 

Cause

Did not have the Windows Identity Foundation (WIF) API or SDK installed, so did not have WebID folder nor ClaimsAwareWebAppWithManagedSTS folder
Image descriptionImage description

After installing WIF should see the following folders under Default Web Site;

\adfs\ls 
​\ClaimsAwareWebAppWithManagedSTS and 
\WebID
 


 Image descriptionImage description

Resolution

Install WIF following the AD FS 2.0 (AD FS 2.0 Step-by-Step Guide: Integration with RSA SecurID in the Extranet):
Integration with RSA SecurID in the Extranet 
Step 1: Preconfiguration Tasks 
includes IP, DNS, SSL and Install WIF and Sample Application 
Step 2: Configure AD FS 2.0 Federation Server Proxy 
which includes Reconfigure DNS 
Step 3: Configure the Claims-Aware Application 
including how to Run the WIF Federation Utility - which appears to create the ClaimsAwareWebAppWithManagedSTS under the default site 
Step 4: Test the AD FS 2.0 Proxy Solution 
Step 5/6: Install/Configure RSA Authentication Agent for IIS web 
Step 7: Test RSA/AD FS 2.0 Proxy Solution

https://technet.microsoft.com/en-us/library/hh344805(v=ws.10).aspx 

Workaround

If the ClaimsAwareWebAppWithManagedSTS Application does not show under the Default Web Site in IIS after installing WIF, you may have to manually add it.  
Image descriptionImage description
Browse to the Folder
C:\Program Files(ver)\Windows Identity Foundation SDK\v(ver)\Samples\Quick Start\ClaimsAwareWebAppWithManagedSTS
Image descriptionImage description
Once the Application is added, you can follow the Implementation Guide to edit the Advanced Settings - Application Pool and change it to ADFS
Image descriptionImage description

One other thing, we saw Node Secret Mismatch with ADFS 2.0 protected Office 365 when Web Mail was accessed, even though the IIS Web Agent v. 8.0 RSA Authentication Agent Test Authentication was successful.  We fixed this with permissions;
1. Copied (not Moved!) node secret file securid and sdconf.rec from the RSA Agent directory to C:\Windows\System32
2. on the Properties of both copies of this securID file, we added Authenticated Users, and gave then both Read and Read And Execute Permissions

Notes

AD FS ver. 3.0 runs on Windows 2012 R2 and can be protected with the new RSA ADFS agent, currently ver. 1.0.1 as of Feb. 2016

Download the Microsoft Windows Identity Federation SDK here.
https://www.microsoft.com/en-us/download/details.aspx?id=4451  

AD FS 2.0 Federation with a WIF
https://technet.microsoft.com/en-us/library/adfs2-federation-wif-application-step-by-step-guide(v=ws.10).aspx 

Attachments
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-13 07:30 AM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.