Markm

Gents, thanks for your responses. The working method for myself (but not for Chrome oddly) is to do the following in AFDS:- Open new record for Replying Party Trust (below) Selecting option 1, enter the addresses as shown and then save the defaults. I've the downloaded (User/Device/Live etc) from the SSO page but they didn't work properly for me. Anyway, this may be useful for somebody else.

Hi folks, After getting sidetracked with an infuriating SSL cert issue on ADFS I'm back to this issue of single sign on and the ADFS/Hornbill relationship. I've started a new thread for this issue as i'd like to direct some new asks for help if i may. I've configured my ADFS with SAML and WS-Federation as per attached. But getting this error in logs The request specified an Assertion Consumer Service URL 'https://service.hornbill.com/clarionhg/lib/saml/auth/simplesaml/module.php/samlEspProxy/sp/saml2-acs.php/saml' that is not configured on the relying party 'https://service.hornbill.com/clarionhg/lib/saml/auth/simplesaml/module.php/saml/sp/metadata.php/saml'. Assertion Consumer Service URL: https://service.hornbill.com/clarionhg/lib/saml/auth/simplesaml/module.php/samlEspProxy/sp/saml2-acs.php/saml Relying party: https://service.hornbill.com/clarionhg/lib/saml/auth/simplesaml/module.php/saml/sp/metadata.php/saml This request failed. User Action Use the AD FS Management snap-in to configure an Assertion Consumer Service with the specified URL for this relying party. I suspect I haven't employed the correct URL in my WS-Fed and SAML entries.

Hi, i have checked again this morning and still getting error with Validate Time disabled. Therefore sadly looks like that isnt my issue.

Gents, many thanks for this. The times look similar on both DC and Hornbill server. Ive raised ecurity.saml.timeSkewCompensation to 120secs and also turned it off completed in SSO. Still got the failure but should i really give it 10-15 minutes for the settings to take effect?

Hi, So after testing all days yesterday it appears that my ADFS works intermittently. I log in with the same user on the same session. It really is 70/30 that it works. There are two ADFS in a pair on WS2012. I've tried URL which directly references one of the ADFS but still he same hit or miss. When i do get the error it looks like below. I cannot honestly work out why it works one moment and not the next. Crazy.

Thanks all and thanks Gerry.

Hi all, First post here. I have recently updated the Certificate on our ADFS server as we are setting up Single Sign On. After re-importing the IDP Meta Data I get the following error when logging in: The public certificate used for signing the assertion is not flagged as a signing certificate for the service provider If i reverse the process it goes back to working. Unfortunately the old certificate expires on 4th Sept. There is a message i get when changing the new certificate to the Primary (attached). Be grateful if anyone can provide any guidance.