A service from Red Gate

in
Home SQL .NET Exchange Opinion Blogs Forums About
Sign in | Join | Help
Home Blogs Forums
Blogs Home > Damon Armstrong > ADFS - Cookie Error

Damon Armstrong

Caffeine Induced Tirades about .NET and Life
And don't forget to check out my latest Simple-Talk articles
Add to Technorati Favorites      Add to Google     

ADFS - Cookie Error

Published Thursday, August 16, 2007 1:11 AM

I've been knee deep in Active Directory Federation Services for the past three months now, and when helping one our clients deploy a single-sign-on (SSO) application, we ran into a nasty error:

The request has been rejected because it appears to be a duplicate of a request from this same client browser session within the last 20 seconds

Here is a quick synopsis of the problem.  ADFS works by bouncing users back and forth between federation servers and the application, and somewhere along the way you end up with a cookie containing authentication information (a SAML token to be more precise).  One of the options in the web.config is the path to the cookie, which is found in

<configuration>
     <web.config>
          ...
          <websso>
               ...
               <cookies writecookies="true">
                    ...
                    <path>/CookiePath</path>
               </cookies>
          </websso>
     </web.config>
</configuration>

During the deployment, we placed the application in a directory that did not match the cookie path.  So, the user was going to the application, the application then sent the user to the federation server for authentication, the federation server issued the cookie, redirected the user back to the application, the cookie was not being sent when the user hit the application a second time, so the application sent the user back to the federation server for authentication, and the federation server doesn't like it when you try to login twice within 20 seconds.  So the moral of the story is to make sure you setup your cookie path correctly or you get weird ADFS errors.

by Damon

Comments

No Comments
You need to sign in to comment on this blog
  Opinion Home

  Opinion Pieces (94 articles)

  Geek of the Week (36 articles)

  Tony Davis - Editor (6 articles)

  Phil Factor (40 articles)

  Damon Armstrong (8 articles)

  Douglas Reilly (40 articles)

  Adrian Furnham (1 articles)

  Claire Brooking (1 articles)

  Richard Morris (32 articles)

  Tim Gorman (1 articles)

  Jesse Liberty (5 articles)

  Sarah Blow (1 articles)

  Anna Larjomaa (1 articles)

  Gaidar Magdanurov (2 articles)

  Regular Columnists (1 articles)

  Ben Hall (2 articles)

  Blogs Home
<August 2007>
SuMoTuWeThFrSa
2930311234
567891011
12131415161718
19202122232425
2627282930311
2345678
On the Trail of the Expanding Databases
 It is sometimes difficult for other IT people to understand the constraints that DBAs have to work... Read more...

SQL Server 2008: The New Data Types
 Brad continues his helicopter-level view of the most interesting new features of SQL Server 2008 with a... Read more...

Reporting on Mobile Device Activity Using Exchange 2007 ActiveSync Logs
 In this new column giving practical advice on all things Sys Admin related, Ben Lye takes on the often... Read more...

The Bejeweled Puzzle in SQL
 Alex Kozak provides another SQL puzzle to hone your SQL Skills with.  Read more...

Using Powershell to Generate Table-Creation Scripts
 For all of us who learn best by trying out examples, Bob Sheldon produces a PowerShell script file for... Read more...