AD Troubleshooting

AD and Domain-related issues and troubleshooting methods for Active Directory.

ADFS case sensitivity


ADFS is case-sensitive for the most part - but there are some sections of ADFS 2.0 where you might not need an exact match.

In general, however, you should still make sure that you both comply with the standard format for public attributes and settings and stay consistent when referring to internal server names.

Example: referring to a server as ContosoADFS.contoso.com in one place and as contosoadfs.contoso.com in another is just asking for trouble.

Even if it works within a pure Microsoft federation environment, there's no guarantee that non-Microsoft implementations will interpret the difference in casing the same way.

SAML values like Boolean TRUE vs. True vs. true are also subject to this - you should check the protocol documentation to make sure you're using the correct casing.

The error message below is the result of using incorrect casing:

ADFS Event ID 67:

System.Xml.XmlException: ID4318: The SAML protocol message cannot be read because it contains data that is not valid. See the inner exception for details. Line 1, position 2. ---> System.FormatException: The string 'False' is not a valid Boolean value.
   at System.Xml.XmlConvert.ToBoolean(String s)
   at Microsoft.IdentityModel.Protocols.Saml2.Saml2ProtocolSerializer.ReadAuthnRequest(XmlReader reader)
   --- End of inner exception stack trace ---


Examining the AuthnRequest reveals the following attributes:

ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
IsPassive="False"
ForceAuthn="False"

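...the Boolean attributes here (IsPassive and ForceAuthn) should be 'false' and not 'False'. The XML Schema boolean type only accepts the lowercase literals true and false (or 1 and 0).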

Further details:

XML Schema

http://www.schemacentral.com/sc/xsd/t-xsd_boolean.html
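The casing rule above can be checked before a request ever reaches ADFS. The following is an added example, not code from ADFS or from the original post: it decodes a SAMLRequest value as sent over the HTTP-POST binding (plain base64 of the XML) and reports every Boolean attribute whose value is not a valid xsd:boolean literal. The function name, the sample request and its ID are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
# xsd:boolean attributes defined by the SAML 2.0 protocol schema, keyed by element.
BOOLEAN_ATTRS = {
    f"{{{SAMLP}}}AuthnRequest": ("IsPassive", "ForceAuthn"),
    f"{{{SAMLP}}}NameIDPolicy": ("AllowCreate",),
}
# The only lexical forms xsd:boolean allows; matching is case-sensitive.
XSD_BOOLEAN = {"true", "false", "1", "0"}


def lint_authn_request(saml_request_b64):
    """Return (element, attribute, value) for every invalid boolean literal."""
    xml_bytes = base64.b64decode(saml_request_b64, validate=True)
    # SAML messages never need a DTD; refuse one rather than parse entities.
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DTDs are not expected in SAML messages")
    root = ET.fromstring(xml_bytes)
    findings = []
    for element in root.iter():
        for attr in BOOLEAN_ATTRS.get(element.tag, ()):
            value = element.get(attr)
            if value is not None and value.strip() not in XSD_BOOLEAN:
                findings.append((element.tag.split("}")[1], attr, value))
    return findings


# Constructed sample request reproducing the attribute values shown above.
SAMPLE_BAD = base64.b64encode(b"""<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed-example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    IsPassive="False" ForceAuthn="False">
  <samlp:NameIDPolicy AllowCreate="true"/>
</samlp:AuthnRequest>""")

if __name__ == "__main__":
    for element, attr, value in lint_authn_request(SAMPLE_BAD):
        print(f"{element}/@{attr}={value!r} is not a valid xsd:boolean")
```

Requests sent over the HTTP-Redirect binding are additionally DEFLATE-compressed, so they need to be inflated before this check applies.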
