Damon Armstrong

Caffeine Induced Tirades about .NET and Life

ADFS - Cookie Error

Published Thursday, August 16, 2007 1:11 AM

I've been knee deep in Active Directory Federation Services for the past three months now, and when helping one of our clients deploy a single-sign-on (SSO) application, we ran into a nasty error:

The request has been rejected because it appears to be a duplicate of a request from this same client browser session within the last 20 seconds

Here is a quick synopsis of the problem.  ADFS works by bouncing users back and forth between federation servers and the application, and somewhere along the way you end up with a cookie containing authentication information (a SAML token to be more precise).  One of the options in the web.config is the path to the cookie, which is found in

<configuration>
     <system.web>
          ...
          <websso>
               ...
               <cookies writecookies="true">
                    ...
                    <path>/CookiePath</path>
               </cookies>
          </websso>
     </system.web>
</configuration>

During the deployment, we placed the application in a directory that did not match the cookie path.  So the user went to the application, and the application sent the user to the federation server for authentication.  The federation server issued the cookie and redirected the user back to the application, but the cookie was not sent when the user hit the application the second time.  The application therefore sent the user back to the federation server for authentication, and the federation server doesn't like it when you try to log in twice within 20 seconds.  So the moral of the story is to make sure you set up your cookie path correctly, or you get weird ADFS errors.
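A pre-deployment check for this mismatch, as an added example that is not part of the original post: it reads the cookie path from a web.config and applies the browser's cookie path-matching rule (RFC 6265) to the URL users will actually hit. The function names, the host app.example.test and the sample config are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the websso fragment from the post with elisions dropped
# (assumes the section lives under system.web).
SAMPLE_CONFIG = """<configuration>
  <system.web>
    <websso>
      <cookies writecookies="true">
        <path>/CookiePath</path>
      </cookies>
    </websso>
  </system.web>
</configuration>"""

def path_matches(cookie_path, request_path):
    """RFC 6265 section 5.1.4 path-match: will the browser send the cookie?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # The prefix must end on a path-segment boundary.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def diagnose(web_config_xml, app_url):
    """Classify the configured cookie path against the URL users actually hit."""
    node = ET.fromstring(web_config_xml).find(".//websso/cookies/path")
    if node is None or not (node.text or "").strip():
        raise ValueError("no <websso><cookies><path> element found")
    cookie_path = node.text.strip()
    request_path = urlsplit(app_url).path or "/"
    if path_matches(cookie_path, request_path):
        return "ok"
    # IIS serves /cookiepath and /CookiePath alike, but the browser compares
    # cookie paths case-sensitively, so a case-only difference still loops.
    if path_matches(cookie_path.lower(), request_path.lower()):
        return "case-only mismatch"
    return "mismatch"

if __name__ == "__main__":
    for url in ("https://app.example.test/CookiePath/default.aspx",
                "https://app.example.test/cookiepath/default.aspx",
                "https://app.example.test/OtherApp/default.aspx"):
        print(url, "->", diagnose(SAMPLE_CONFIG, url))
```

Anything other than "ok" means the browser will not return the authentication cookie to the application, which produces the redirect loop and the duplicate-request rejection described above.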

by Damon
