Directory Programming .NET

Active Directory and ADAM programming support for .NET developers

SAML audience (https://xxx/) does not match an allowed audience.

Last post 08-26-2010, 8:03 AM by rtitulaer. 1 replies.
  •  08-26-2010, 7:36 AM 8527

    SAML audience (https://xxx/) does not match an allowed audience.

    Hi,

    Some users have problems logging in using ADFS (claims app).

    If I set up logging at the web application (the agent), I see a warning:

    SAML audience (https://xxxl/) does not match an allowed audience.

    For a user who can log on, the Sign In Response Dump shows:

    010-08-26T12:16:47 [VERBOSE] Parse: Token NOT found in cache
    2010-08-26T12:16:47 [VERBOSE] SAML: effectivetime = 08/26/2010 12:16:46
    expirationtime = 08/26/2010 13:16:46
    2010-08-26T12:16:47 [VERBOSE] Verifying Cert Thumbprint - 53DB12AFE13FC0437E420046EF1BD2A89E594AEF
    2010-08-26T12:16:47 [VERBOSE] Verifying Key Exponent - 3
    2

    For a user for which it doesn't work:

    2010-08-26T12:02:48 [VERBOSE] Parse: Token NOT found in cache
    2010-08-26T12:02:48 [VERBOSE] SAML: effectivetime = 08/26/2010 12:02:47
    expirationtime = 08/26/2010 13:02:47
    2010-08-26T12:02:48 [WARNING] SAML audience (
    https://xxx/) does not match an allowed audience.
    2010-08-26T12:02:49 [VERBOSE] Converting final URL
    http://aaa.aspx?aspxerrorpath=/MRPortal/Default.aspx from http to https.
    2010-08-26T12:02:49 [VERBOSE] IsClientAnOfficeApp: GET Request Method.

    Any ideas?

    Thanks,

    René

  •  08-26-2010, 8:03 AM 8528 in reply to 8527

    Re: SAML audience (https://xxx/) does not match an allowed audience.

    Hi,

    I solved it.

    We have a bit of a strange configuration, which I won't explain right now.

    Within this configuration you can use .net and .com as the URL for the application: so application.oce.com or application.oce.net. But only one is configured in ADFS.

    The user with the error tried application.oce.com but should have used application.oce.net.

    Regards,

    René
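A way to triage this kind of failure from the agent log, as an added example that is not part of the original thread: it joins wrapped log lines, extracts every rejected audience, and reports which URL component differs from the configured audience. The log sample is constructed in the format quoted above, the function names are hypothetical, and the allowed audience is passed in by the caller.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the format of the agent log quoted in the thread,
# including the wrap that splits the WARNING across two lines.
SAMPLE_LOG = """\
2010-08-26T12:02:48 [VERBOSE] Parse: Token NOT found in cache
2010-08-26T12:02:48 [WARNING] SAML audience (
https://application.oce.com/) does not match an allowed audience.
2010-08-26T12:02:49 [VERBOSE] IsClientAnOfficeApp: GET Request Method.
2010-08-26T12:16:47 [VERBOSE] Parse: Token NOT found in cache
"""

ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2} \[(\w+)\] ")
AUDIENCE = re.compile(
    r"SAML audience \(\s*(\S+?)\s*\) does not match an allowed audience")

def join_wrapped(text):
    """Merge continuation lines (no timestamp prefix) into the entry above."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += line.strip()
    return entries

def rejected_audiences(text):
    """Return (timestamp, audience) for every audience-mismatch warning."""
    hits = []
    for entry in join_wrapped(text):
        m = AUDIENCE.search(entry)
        if m:
            hits.append((entry.split(" ", 1)[0], m.group(1)))
    return hits

def explain(audience, allowed):
    """List which URL parts of a rejected audience differ from each allowed one."""
    got = urlsplit(audience)
    reasons = []
    for a in allowed:
        want = urlsplit(a)
        diffs = [f for f in ("scheme", "netloc", "path")
                 if getattr(got, f).lower() != getattr(want, f).lower()]
        reasons.append((a, diffs or ["case or exact-string difference"]))
    return reasons
```

A `netloc` difference with an identical path is the pattern described in the reply: the application is reachable under two host names, but only one is configured as an audience.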
