tony_rosey

Reputation: 31

Microsoft Exchange 2019, OWA - ADFS - KeyCloak. Error ID1044: No Certificate Configured

I have a problem related to OWA. I receive a SAML request from Keycloak, which is my IdP for ADFS. ADFS then sends a WS-Federation request to OWA. The page is redirected to the endpoint /owa/auth/errorfe.aspx?msg=WrongAudienceUriOrBadSigningCert. The logs show the following information: ID1044: An encrypted security token was received at the relying party which could not be decrypted. Configure the relying party with a suitable decryption certificate. Current relying party decryption certificate info: No Certificate Configured.

In the ADFS settings, in the certificates tab, I have certificates attached as Token-Decrypting and as Token-Signing. When receiving messages from ADFS, OWA displays in the logs the certificate with which the request was signed, cn=test.

In the relying party trusts, for OWA, I have cn=test as the encryption and signature certificate.

After running the command Get-ADFSCertificate, all fields show the certificate cn=test.

Where could the error be that prevents OWA from loading the certificate to decrypt the ADFS message? Are there any commands that will help display the OWA certificate configuration?

Changing certificates

Upvotes: 0

Views: 377

Answers (0)
