ADFSv2.1 redirect infinite loop

adfs

I'm trying to setup an ADFS server in a lab to test out the federation authentication mechanism.

I'm following this guide: http://www.syfuhs.net/post/2010/08/13/Installing-ADFS-2-and-Federating-an-Application.aspx up until the part when they create the web site, of course.

The test web site is a just a file->new proyect->mvc5 with organizational account, just as the official documentation states should be: http://www.asp.net/visual-studio/overview/2013/creating-web-projects-in-visual-studio#orgauthonprem

When I try this setup with azure ad, there is no problem and works beautifully, but with my ADFS, I get a redirect loop of 302 found (screenshot)

Up to my knowledge (which is very limited) everything is correctly configured on the ADFS and don't know how to even start to troubleshoot this. I've searched google and came to no response, also have a parallel stackoverflow question on this, but I thought maybe IT experts can give me more light on the subject.

Any help will be appreciated.

EDIT 1: Attempting to demonstrate minimal understanding, here we go.

I'm Using ADFS V2.1 on Windows Server 2012

What have I done: I tried setting the RP Endpoint as Ws-Federation (given that the new MVC5 Templates uses that technology) pointing the Url to my site. This had no impact on the observed behavior.

Tried using invalid credentials, with expected behavior: asks for credentials again and again until 403 is returned.

Setted up Azure AD just to test out the MVC5 configuration, with the same code, just changing the endpoint urls. Observed behavior: it works with no problem.

The patches suggested in the responses are not applicable to ADFS 2.1 (yes, I forgot to mention that detail >_<)


I have seen the looping behaviour occur after MS13-066 is installed.

Please ensure you have installed all the updates for AD FS correctly. This includes the latest AD FS 2.0 rollup 3 http://support.microsoft.com/kb/2790338 and MS13-066 security update and the post MS13-66 hotfix to address issues with that update http://support.microsoft.com/kb/2896713.


I observed the same 302 redirect loop with ADFS 2.0 when using a Encryption certificate for the Relying Party I generated myself using makecert. In addition to the redirect in the browser ADFS 2.0 would log errors with Event ID 317 saying "An error occurred during an attempt to build the certificate chain..."

Since this was development, it was acceptable to turn off the check for this using PowerShell

Add-PSSpanin Microsoft.Adfs.PowerShell
Set-ADFSRelyingPartyTrust -TargetName my.relyingparty.com -EncryptionCertificateRevocationCheck None

This stopped the 302 redirect loop

Related

How to make nginx remap a part of the URL without sending a redirection?
Will using ACCEPT then DROP for a specific port/ip couple allow the ip but nothing else on that port?
Dovecot - plus sign in mailbox name
AWS CLI Elastic IP, IPv6
Sendmail Configuration to not deliver mail to local machine
Switching authoritative nameservers - how do you set the TTL?
Can I change a live SQL Database from Autogrow safely?
Will upgrading to Lion boost performance and responsiveness?
Deleting a partition in Disk Utility fails. (Error: -69879)
Is there any free/paid Windows emulator for Mac OS X?
Badge count for number of items in a folder on the Dock?
How do I manage locations for the Reminders iPhone app?