ADFS with Web Application Proxy for User certificate Authentication failure
Dear Team,
I have deployed the AD servers, ADFS servers, Internal CA servers, and Web Application Proxy (WAP).
Forms Authentication (via Direct ADFS server) - Successful authentication.
Forms Authentication (via Web Application Proxy (ADFS)) - Successful authentication.
User Certificate Authentication (via Direct ADFS server) - Successful authentication.
User Certificate Authentication (via Web Application Proxy (ADFS)) - Failed
Ports (443 & 49443) and connectivity are reachable from the client machine.
Server OS: Windows Server 2022 --> (ADFS & ADFS web proxy)
It is failing via Proxy only.
Please help me to fix the issue. I just configured the basic configuration only.
Error on the login web page:
No valid client certificate found in the request. No valid certificates found in the user's certificate store. Please try again after closing and reopening the browser and choose a different authentication method.
Event log on the ADFS server:
Encountered error during federation passive request.
Additional Data
Protocol Name:
Saml
Relying Party:
http://xxxxxxxxxx/adfs/services/trust
Exception details:
Microsoft.IdentityServer.NoValidCertificateException: MSIS7121: The request did not contain a valid client certificate that can be used for authentication. This occurs when there are no valid certificates on the client computer, for example if all certificates have expired or been revoked.
Error Code: 0x80092013
at Microsoft.IdentityServer.Web.Authentication.TlsClientAuthenticationHandler.ThrowCertificateErrorException(Int32 errorCode)
at Microsoft.IdentityServer.Web.Authentication.TlsClientAuthenticationHandler.ProcessExtranetRequest(ProtocolContext context, WrappedHttpListenerRequest request)
at Microsoft.IdentityServer.Web.Authentication.TlsClientAuthenticationHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.Authentication.AuthenticationOptionsHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolTlsClientListener.OnGetContext(WrappedHttpListenerContext context)
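A diagnostic checklist for the proxied certificate-authentication path, added here as an example and not part of the original post. It assumes placeholder values for the federation service name, the issuing CA subject and an exported user certificate, and uses only standard ADFS, WAP and Windows commands; run each section on the host named in its comment.

```powershell
# Added diagnostic checklist, not from the original post. Host names, the CA
# subject and the certificate path are placeholders to replace before running.
$FederationService = 'sts.example.com'        # placeholder: federation service name
$InternalCaSubject = 'CN=Contoso-Issuing-CA'  # placeholder: internal issuing CA subject
$UserCertFile      = 'C:\temp\user.cer'       # placeholder: exported user cert (public part only)

# --- Section 1: on an ADFS server. Confirm certificate auth is offered to
# extranet (proxied) clients, which TLS client port it uses, and how revocation is checked.
Get-AdfsGlobalAuthenticationPolicy |
    Select-Object PrimaryExtranetAuthenticationProvider, PrimaryIntranetAuthenticationProvider
Get-AdfsProperties |
    Select-Object HostName, HttpsPort, TlsClientPort, ClientCertRevocationCheck
# Event 364 is the "Encountered error during federation passive request" entry quoted above.
Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 364 } -MaxEvents 5 |
    Select-Object TimeCreated, Message

# --- Section 2: on the Web Application Proxy. The client certificate arrives at the
# proxy and is forwarded to the farm, so chain building and revocation checking must
# succeed on the proxy as well as on the ADFS server; repeat 2a and 2b on both hosts.
Get-WebApplicationProxyConfiguration | Select-Object ADFSUrl, ConnectedServersName

# 2a. A non-domain-joined WAP does not receive the internal CA via Group Policy;
#     the issuing chain must be present in its Local Machine trust stores.
$caPresent = @(Get-ChildItem -Path Cert:\LocalMachine\Root, Cert:\LocalMachine\CA |
    Where-Object { $_.Subject -eq $InternalCaSubject }).Count -gt 0
"Internal CA trusted on this host: $caPresent"

# 2b. 0x80092013 is CRYPT_E_REVOCATION_OFFLINE: the verifier could not reach a CRL or
#     OCSP responder. This fetches every CDP/AIA URL in the user cert from this host.
certutil -urlfetch -verify $UserCertFile | Select-String -Pattern 'Revocation|Error|Verified'

# 2c. The proxy forwards certificate-auth traffic to the farm on the TLS client port,
#     so 49443 must be reachable from the proxy itself, not only from the client.
Test-NetConnection -ComputerName $FederationService -Port 49443 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded

# 2d. The 49443 binding must request a client certificate during the TLS handshake.
netsh http show sslcert | Select-String -Pattern ':49443|Negotiate Client Certificate'
```

If 2b reports the 0x80092013 code from the proxy but not from the ADFS server, the proxy's path to the CRL/OCSP endpoints (typically DNS or firewall egress for a DMZ host) is the first thing to fix.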