Error when trying to sign in with Active Directory Federation Services (ADFS): An unhandled exception occurred while processing the request.

Emmanuel Nguema Oyono 0 Reputation points
2023-08-01T15:39:19.84+00:00

Hello everyone. I am trying to implement Active Directory Federation Services (ADFS) in my ASP.NET Core MVC application. For this I already have the domain controller (DC), IIS and the ADFS service itself installed and configured (correctly, I assume), all of them running. I then add the following configuration (taken from the Microsoft website) to my application's program.cs.

```csharp
builder.Services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
    .AddEntityFrameworkStores<ApplicationDbContext>();
builder.Services.AddControllersWithViews();

builder.Services.AddAuthentication().AddWsFederation(options =>
{
    options.MetadataAddress = "https://adfs.labmait.local/FederationMetadata/2007-06/FederationMetadata.xml";

    options.Wtrealm = "https://localhost:44323/";

});
```

The application runs correctly, but when I try to sign in with Active Directory Federation Services (ADFS) it throws these exceptions.

```text
An unhandled exception occurred while processing the request.

SocketException: Host desconocido.
	System.Net.Sockets.Socket+AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
HttpRequestException: Host desconocido. (adfs.labmait.local:443)
	System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(string host, int port, HttpRequestMessage initialRequest, bool async, CancellationToken cancellationToken)
IOException: IDX20804: Unable to retrieve document from: 'System.String'.
	Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)
InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
	Microsoft.IdentityModel.Protocols.ConfigurationManager<T>.GetConfigurationAsync(CancellationToken cancel)
```

I have been trying to find the solution for a while, but so far I have not managed to.

I am very new to this; this is the very first time I am trying to implement the ADFS service in an application.

THANKS IN ADVANCE!

Developer technologies | ASP.NET | ASP.NET Core
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Active Directory Federation Services
Developer technologies | C#

1 answer

  1. Limitless Technology 44,776 Reputation points
    2023-08-02T10:07:48.7766667+00:00
    Hello Emmanuel,
    
    Thank you for your question and for reaching out with your question today.
    
    The error message "SocketException: Unknown host" indicates that your application is unable to resolve the hostname "adfs.labmait.local" to an IP address. This typically happens when the hostname cannot be found in the DNS server configured on the machine running your ASP.NET Core MVC application.
    
    To resolve this issue, you need to ensure that your application server can resolve the ADFS server's hostname. Here are some steps you can take to troubleshoot and fix the issue:
    
    1. **Check DNS Configuration**: Verify that the DNS settings on your application server are correctly configured. Ensure that the DNS server used by your application server can resolve the hostname "adfs.labmait.local" to its correct IP address.
    
    2. **Hosts File Entry**: As a temporary solution for testing purposes, you can add an entry to the hosts file on your application server. The hosts file allows you to manually map IP addresses to hostnames. Open the hosts file (located at "C:\Windows\System32\drivers\etc\hosts" on Windows) and add the following line:
    
           <ADFS_SERVER_IP> adfs.labmait.local
    
       Replace `<ADFS_SERVER_IP>` with the actual IP address of your ADFS server. Save the hosts file and try running your application again.
    
    3. **Verify Connectivity**: Ensure that your application server can reach the ADFS server over the network. You can use tools like "ping" or "telnet" to test network connectivity to the ADFS server's IP address and port (443).
    
    4. **Firewall Settings**: Check the firewall settings on both your application server and the ADFS server. Make sure that port 443 (HTTPS) is open and allowed for communication between the two servers.
    
    5. **ADFS Metadata Address**: Double-check that the ADFS Metadata Address specified in your application's configuration is correct. Ensure that it is accessible from the application server.
    
    6. **URL Encoding**: If your ADFS Metadata Address contains any special characters, ensure that it is properly URL encoded in your application's configuration.
    
    7. **Application Pool Identity**: Ensure that the application pool identity under which your ASP.NET Core application runs has network access permissions to reach the ADFS server.
    
    8. **Check for Typos**: Review your code for any typos or mistakes in the ADFS Metadata Address or realm configuration.
    
    After making any changes, be sure to restart your ASP.NET Core application to apply the updates.
    
    If you still encounter issues after verifying the above steps, consider consulting with your network or system administrator for further assistance in resolving DNS and network connectivity problems. Additionally, check the ADFS server's logs and event viewer for any errors or warnings that might provide more insights into the issue.
    
    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.
    
    If the reply was helpful, please don’t forget to upvote or accept as answer.
    
    Best regards.
    
    1 person found this answer helpful.
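
The DNS, connectivity and metadata-address checks from the answer above, run in order as one script. This is an added PowerShell example, not part of the original answer or of Microsoft's documentation; the function name `Test-FederationMetadata` is made up here, and the default URL is the `MetadataAddress` from the question.

```powershell
# Added example: stage-by-stage check of the WS-Federation metadata endpoint.
# Test-FederationMetadata is a hypothetical name; the default URL is the
# MetadataAddress from the question.
function Test-FederationMetadata {
    param(
        [string]$Address = 'https://adfs.labmait.local/FederationMetadata/2007-06/FederationMetadata.xml'
    )
    $uri = [uri]$Address
    $r = [ordered]@{ Host = $uri.Host; Port = $uri.Port; Addresses = $null
                     TcpOpen = $false; EntityId = $null; FailedAt = $null; Error = $null }

    # Stage 1: name resolution through the same .NET resolver the application uses
    # (it honours the hosts file). Failure here is the "Host desconocido" SocketException.
    try {
        $r.Addresses = ([System.Net.Dns]::GetHostAddresses($uri.Host) |
                        ForEach-Object { $_.IPAddressToString }) -join ', '
    } catch {
        $r.FailedAt = 'DNS'; $r.Error = $_.Exception.Message
        return [pscustomobject]$r
    }

    # Stage 2: TCP reachability of the HTTPS port (routing and firewall rules).
    $tcp = Test-NetConnection -ComputerName $uri.Host -Port $uri.Port -WarningAction SilentlyContinue
    $r.TcpOpen = [bool]$tcp.TcpTestSucceeded
    if (-not $r.TcpOpen) { $r.FailedAt = 'TCP'; return [pscustomobject]$r }

    # Stage 3: HTTPS fetch with normal certificate validation left on.
    # An untrusted or mismatched certificate, or a non-2xx status, fails here.
    try {
        $resp = Invoke-WebRequest -Uri $Address -UseBasicParsing -TimeoutSec 15
    } catch {
        $r.FailedAt = 'HTTPS'; $r.Error = $_.Exception.Message
        return [pscustomobject]$r
    }

    # Stage 4: the body must be federation metadata, not an error or login page.
    try {
        $xml = New-Object System.Xml.XmlDocument
        $xml.XmlResolver = $null          # never resolve external entities or DTDs
        $resp.RawContentStream.Position = 0
        $xml.Load($resp.RawContentStream)
        if ($xml.DocumentElement.LocalName -ne 'EntityDescriptor') { throw 'Root element is not EntityDescriptor' }
        $r.EntityId = $xml.DocumentElement.GetAttribute('entityID')
    } catch {
        $r.FailedAt = 'Metadata'; $r.Error = $_.Exception.Message
    }
    return [pscustomobject]$r
}

Test-FederationMetadata | Format-List
```

Run it on the application server, under the account the application uses where possible; `FailedAt` names the first layer that failed, and an empty `FailedAt` with a populated `EntityId` means the metadata document was retrieved and parsed.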
