VIP (Validation ID Protection)


 Login error VIP with ADFS

Antoni Lorenzana posted Jan 19, 2021 03:31 AM

Hi,

We're deploying the Symantec VIP service in an ADFS environment. There is one ADFS, and one Web Application Proxy that works as an ADFS proxy. The problem is that Symantec VIP is only working on the intranet machines, and for the extranet machines it only works with Mozilla. This is the error log found in the ADFS:

______________________________________________________

Encountered error during federation passive request.

Additional Data

Protocol Name:
wsfed

Relying Party:
urn:federation:MicrosoftOnline

Exception details:
Microsoft.IdentityServer.Web.WebConfigurationException: No style sheet is configured in the active theme for default locale [es-ES/3082].
   at Microsoft.IdentityServer.Web.UI.ThemeAuthoringEngine.PrepareTheme()
   at Microsoft.IdentityServer.Web.UI.PageBase.get_ThemeAuthoringEngine()
   at Microsoft.IdentityServer.Web.Authentication.External.AdapterPresentationManager.get_ResponseCulture()
   at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.Process(ProtocolContext context)
   at Microsoft.IdentityServer.Web.Authentication.AuthenticationOptionsHandler.Process(ProtocolContext context)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
___________________________________________

And the error that I get when I try to log in is this: sorry we need additional information to verify your identity


Thanks!

Broadcom Employee Andreas Horlacher
Hi Antoni - At what point does this error occur? Just trying to understand what isn't working here.
Antoni Lorenzana
Hi,

The error occurs at the moment you enter the credentials in the WAP (ADFS) portal, at the exact moment that you are supposed to be asked for the token, but this never happens; instead of that, the user has the error: sorry we need additional information to verify your identity

At this moment you can see the posted log in the ADFS and WAP(ADFS).
Broadcom Employee Andreas Horlacher
So the only difference between external and internal is the WAP, assuming you already have ADFS configured for external access?
Antoni Lorenzana
Yes, the only difference is the WAP, but when I disable Symantec VIP all works fine, internally and externally...

Another thing I have detected is that Mozilla works fine with VIP working, but Chrome, Explorer and Edge have the errors I posted here.


Thanks.
Broadcom Employee Andreas Horlacher
Antoni - do you have the JavaScript option enabled? If so, can you disable it, restart ADFS services, and try again?
Antoni Lorenzana
Sorry, but the JavaScript is not configured, and we have restarted all the systems several times.

Thanks.
Broadcom Employee Andreas Horlacher
Antoni - It looks like the error is related to the locale es-ES (Spanish). Is the ADFS server or WAP proxy server set to Spanish? If so, change to English and try again.
Antoni Lorenzana
Hi,

That was my first idea, but all the products were deployed in English; then I also tried to install ES packages with no luck...


Toni
Broadcom Employee Andreas Horlacher
I'd recommend reaching out to Microsoft for some additional direction. A Google search shows this could be a variety of causes, from permissions to registry settings. We need to understand what exactly the error being thrown is, and why we're seeing it.