ADFS authentication agent - support for ADFS 4.0 (Server 2016)?

Question asked by Paul Trimboli on Mar 30, 2017
Latest reply on Jun 6, 2017 by Kenn Chong

The product page for RSA Authentication Agent for Microsoft AD FS says it is qualified on Server 2012 R2.

We have installed it on a 2016 server but encounter an error after username/password authentication. The message logged to the event log is: No style sheet is configured in the active theme for default locale [en-AU/3081]. The SAML response sent indicates a Responder error.

I've confirmed that disabling multi-factor authentication results in a successful response, so it does appear to be the RSA ADFS agent triggering this.

Just wanted to confirm that the RSA ADFS authentication agent (1.0.1) does not yet support ADFS 4.0/Server 2016 - and not that I've somehow messed up the installation.

Assuming that this just isn't supported yet, are there any plans to add support for ADFS 4.0?

We did do a pilot installation on 2012 R2 which appeared to work fine - it was on a separate domain without any tokens so we weren't able to test actually logging in with a token, but we did receive the RSA SecurID token prompt after password authentication. We would prefer to use 2016 due to the increased customisation options for the sign-in pages... which appears to be exactly what the problem is.

For more information, the stack trace from the error suggests it is caused by trying to invoke the external authentication agent:

Exception details:
Microsoft.IdentityServer.Web.WebConfigurationException: No style sheet is configured in the active theme for default locale [en-AU/3081].
   at Microsoft.IdentityServer.Web.UI.ThemeAuthoringEngine.PrepareTheme()
   at Microsoft.IdentityServer.Web.UI.PageBase.get_ThemeAuthoringEngine()
   at Microsoft.IdentityServer.Web.Authentication.External.AdapterPresentationManager.get_ResponseCulture()
   at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.Process(ProtocolContext context)
   at Microsoft.IdentityServer.Web.Authentication.AuthenticationOptionsHandler.Process(ProtocolContext context)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
