SecureAuth IdP Version Affected: All
Description:
The error: "Server Error in '/SecureAuthX' Application. The resource cannot be found." is received when trying to see the FederationMetaData on a realm that is configured for Windows SSO (WinSSO) e.g.:
https://idp.domain.com/SecureAuth2/FederationMetadata/2007-06/FederationMetadata.xml
If the realm is configured to use FBA (Forms Based Authentication) the above error is not seen and the XML is retrievable.
Cause:
WinSSO realms usually have User Impersonation enabled. The virtual path to /FederationMetadata/2007-06/ will inherit the impersonation setting from the root of the realms virtual directory in IIS.
Resolution:
When WinSSO is enabled on a realm, it is necessary to disable impersonation for the Federation metadata XML virtual path: FederationMetadata/2007-06
1. Click on the System Info tab | Edit Web Config or alternatively decrypt the realm and edit with a text editor.
2. Insert the following XML within the section for FederationMetadata/2007-06:
<system.web>
<identity impersonate="false" />
</system.web>
It should look like this when complete:
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Please sign in to leave a comment.