
AD FS 2.0 and WIF, MSIS7001 Error

I installed AD FS 2.0, and I installed WIF and VS2010 on another machine which is outside the domain.

I created an ASP.NET MVC 3 application and configured it through the Add STS Reference wizard; it downloaded the FederationMetadata.xml from my AD FS.

I added the relying party trust in AD FS, set the identifier to the URL of my MVC application (http://localhost:16034/), and created a claim rule of type Pass Through or Filter an Incoming Claim, with the incoming claim type set to Windows Account Name.

I also added a WS-Federation endpoint in the RP, and the URL was https://192.168.56.101/adfs/ls/, which is my AD FS IP address.

Then, when I started the website, it was redirected to AD FS at https://192.168.56.101/adfs/ls/?wa=XXXX&wtrealm=XXXXX. But finally I got an error page which said there was an error, with a reference code.

I checked on the AD FS machine and found the error was

MSIS7001: The passive protocol context was not found or not valid. If the context was stored in cookies, the cookies that were presented by the client were not valid. Ensure that the client browser is configured to accept cookies from this website and retry this request.

But the problem was that when I use Fiddler I can see my HTTP request sent with cookies such as MSISAuth = XXXXX, MSISAuth1 = XXXXX, MSISAuthenticated = XXXXX, MSISLoopDetectionCookie = XXXXX.

What did I do wrong?

Shaun Xu asked Oct 26 '25 23:10


1 Answer

How have you configured the endpoint?

In the ADFS console:

  • Open your RP --> Properties
  • Click the endpoint tab
  • Select WS-Fed endpoint
  • Ensure this points to your RP, e.g. https://localhost:16034/MyRelyingParty

rbrayb answered Oct 28 '25 22:10
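The same endpoint check can be scripted on the AD FS 2.0 server. This is an added example, not part of the answer above: it lists every relying party trust and flags any whose WS-Federation passive endpoint points back at the federation service itself (the `/adfs/ls/` URL from the question) instead of at the relying party. The `$stsHosts` list is an assumption; it uses the IP address from the question and should hold every name or address that reaches your AD FS.

```powershell
# Added example, not from the original thread. Run on the AD FS 2.0 server.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# Names/addresses that resolve to the federation service (assumption: adjust
# for your deployment; 192.168.56.101 is the address used in the question).
$stsHosts = @((Get-ADFSProperties).HostName, '192.168.56.101')

Get-ADFSRelyingPartyTrust | ForEach-Object {
    $ep = $_.WSFedEndpoint    # System.Uri of the passive endpoint, or $null

    if (-not $ep) {
        # Not necessarily an error: SAML-only trusts have no WS-Fed endpoint.
        $finding = 'no WS-Federation passive endpoint set'
    }
    elseif (($stsHosts -contains $ep.Host) -and
            ($ep.AbsolutePath -like '/adfs/ls*')) {
        # The token would be posted back to AD FS, not to the application,
        # which is the misconfiguration described in the question.
        $finding = 'endpoint points at AD FS, not at the relying party'
    }
    else {
        $finding = 'ok'
    }

    New-Object PSObject -Property @{
        Name          = $_.Name
        Identifier    = ($_.Identifier -join ', ')
        WSFedEndpoint = $ep
        Finding       = $finding
    }
} | Format-Table Name, Identifier, WSFedEndpoint, Finding -AutoSize
```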


