Hello,
Currently in our environment we are trying to enable SSO with ADFS. We’re able to log in to IFS using AD credentials if we manually input them, but if you select “Sign in as current user” it prompts for credentials and then returns error 400. Detailed error below:
Ifs.Fnd.FndSystemException: Unexpected error while calling server method ClientApplication/IdentifyCurrentUser
   at Ifs.Fnd.AccessProvider.FndConnection.InvokeInternal(Object requestBody, Object responseBody, String intface, String operation, FndRequestContext requestContext, FndManualDecisionCollection decisions, Boolean forcedSync, Boolean integrationGateway)
   at Ifs.Fnd.AccessProvider.FndConnection.InvokeInternal(String intface, String operation, Object requestBody, Object responseBody, FndRequestContext requestContext, Boolean forcedSync, Boolean integrationGateway)
   at Ifs.Fnd.AccessProvider.Interactive.FndLoginDialog.AuthenticateCredentials(FndLoginCredentials loginCreds) ---> Ifs.Fnd.FndSystemException: 400
   at Ifs.Fnd.AccessProvider.FndConnection.CallGetResponse(String intface, String operation, FndRequestContext requestContext, FndManualDecisionCollection decisions, Byte[] requestHeaderBytes, Byte[] requestBodyBytes, FndApfAsyncInvoke asyncInvokeHandle, Boolean integrationGateway)
   at Ifs.Fnd.AccessProvider.FndConnection.InvokeGetResponse(String intface, String operation, FndRequestContext requestContext, FndManualDecisionCollection decisions, Byte[] requestHeaderBytes, Byte[] requestBodyBytes, Boolean& abandoned, Boolean forcedSync, Boolean integrationGateway)
   at Ifs.Fnd.AccessProvider.FndConnection.InvokeInternal(Object requestBody, Object responseBody, String intface, String operation, FndRequestContext requestContext, FndManualDecisionCollection decisions, Boolean forcedSync, Boolean integrationGateway)
   --- End of inner exception stack trace ---
I increased the Limit Field Request size per this article and even tried logging in with a new user belonging to no groups, but I received the same error. I did set the HTTP server to trace and saw this error in the logs:
URL::sendHeaders(): meth='POST' file='/main/default/clientgateway' protocol='HTTP/1.1'
Header to WLS: [User-Agent]=[IFS .NET Access Provider/1.2]
Header to WLS: [Os-User]=[domain\\user]
Header to WLS: [Program]=[Ifs.Fnd.Explorer.exe]
Header to WLS: [Machine]=[console@userpc.domain.com]
Header to WLS: [X-Ifs-Capabilities]=[02]
Header to WLS: [X-Ifs-Timeout]=[30000]
Header to WLS: [Content-Type]=[application/octet-stream]
Header to WLS: [Host]=[ifs10devutil.domain.com:58080]
Header to WLS: [Content-Length]=[0]
Header to WLS: [ECID-Context]=[1.005x4^Yi9OgFk3o5sVd9iX00062z00000Y;kXjE]
Header to WLS: [Connection]=[Keep-Alive]
Header to WLS: [WL-Proxy-SSL]=[true]
Header to WLS: [X-Forwarded-For]=[xx.x.x.74]
Header to WLS: [WL-Proxy-Client-IP]=[xx.x.x.74]
Header to WLS: [WL-Proxy-Client-Port]=[64156]
Header to WLS: [X-WebLogic-KeepAliveSecs]=[30]
Header to WLS: [X-WebLogic-Request-ClusterInfo]=[true]
Header to WLS: [x-weblogic-cluster-hash]=[A4z6JJO09Z2Ycft4x6TZf+W2l84]
Post data length (not in memory): 0
sendPostData(): No T-E header, postSize == 0; C-L must have been zero
About to call parseHeaders
Reader::fill(): first=0 last=0 toRead=4096
Reader::fill(): sysRecv returned 2030
URL::parseHeaders: CompleteStatusLine set to [HTTP/1.1 401 Unauthorized]
URL::parseHeaders: StatusLine set to [401 Unauthorized]
URL::parseHeaders: StatusLineWithoutStatusCode set to [Unauthorized]
Header from WLS:[Cache-Control]=[no-cache, no-store, must-revalidate]
Header from WLS:[Date]=[Thu, 09 Feb 2023 19:10:35 GMT]
Header from WLS:[Pragma]=[No-cache]
Header from WLS:[Content-Length]=[1468]
Header from WLS:[Content-Type]=[text/html; charset=UTF-8]
Header from WLS:[Expires]=[Thu, 01 Jan 1970 00:00:00 GMT]
Header from WLS:[WWW-Authenticate]=[Bearer realm="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx@https://domain-scdb.domain.com/adfs", scope="openid", authorization_uri="https://domain-scdb.domain.com/adfs"]
Header from WLS:[X-ORACLE-DMS-RID]=[0:1]
Header from WLS:[X-ORACLE-DMS-ECID]=[005x4^Yi9OgFk3o5sVd9iX00062z00000Y]
Header from WLS:[X-IFS-OAuth2-Resource]=[api://IFSTEST]
Header from WLS:[X-IFS-OAuth2-IDP]=[ADFS]
parsed all headers OK
Exiting method BaseProxy::sendRequest
sendResponse() : r->status = '401'
Hdrs to client (add):[Cache-Control]=[no-cache, no-store, must-revalidate]
Hdrs to client (add):[Date]=[Thu, 09 Feb 2023 19:10:35 GMT]
Hdrs to client (add):[Pragma]=[No-cache]
Hdrs to client (add):[Expires]=[Thu, 01 Jan 1970 00:00:00 GMT]
Hdrs to client (add):[WWW-Authenticate]=[Bearer realm="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx@https://domain-scdb.domain.com/adfs", scope="openid", authorization_uri="https://domain-scdb.domain.com/adfs"]
Hdrs to client (add):[X-ORACLE-DMS-RID]=[0:1]
Hdrs to client (add):[X-ORACLE-DMS-ECID]=[005x4^Yi9OgFk3o5sVd9iX00062z00000Y]
Hdrs to client (add):[X-IFS-OAuth2-Resource]=[api://IFSTEST]
Hdrs to client (add):[X-IFS-OAuth2-IDP]=[ADFS]
AH01502: headers: ap_headers_output_filter()
As far as I’m aware, SSO has never worked for our environment with ADFS. I followed the steps in this article, but most of the links are dead. I checked our ADFS server against the Achieving Single Sign-On behavior doc and everything appears to be configured correctly.
Does anyone know if there is a fix?
Thank you
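
An added example, not part of the original post: a small parser for a proxy trace in the format shown above, reporting the backend status, whether the forwarded request carried an `Authorization` header, and the parameters of the `WWW-Authenticate` challenge. The function names `parse_trace` and `summarize` are hypothetical, and the sample trace is constructed with placeholder host names.

```python
import re

# Constructed sample: a few lines in the same shape as the proxy trace above,
# with placeholder host names (not values from the post).
SAMPLE_TRACE = """\
URL::sendHeaders(): meth='POST' file='/main/default/clientgateway' protocol='HTTP/1.1'
Header to WLS: [User-Agent]=[IFS .NET Access Provider/1.2]
Header to WLS: [Content-Length]=[0]
URL::parseHeaders: CompleteStatusLine set to [HTTP/1.1 401 Unauthorized]
URL::parseHeaders: StatusLine set to [401 Unauthorized]
Header from WLS:[WWW-Authenticate]=[Bearer realm="id@https://adfs.example.test/adfs", scope="openid", authorization_uri="https://adfs.example.test/adfs"]
Header from WLS:[X-IFS-OAuth2-IDP]=[ADFS]
"""

# "Header to WLS: [Name]=[value]" (request) / "Header from WLS:[Name]=[value]" (response)
HEADER_RE = re.compile(r"^Header (to|from) WLS:\s*\[([^\]]+)\]=\[(.*)\]\s*$")
STATUS_RE = re.compile(r"StatusLine set to \[(\d{3}) ")
PARAM_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_trace(text):
    """Split the trace into forwarded request headers, backend response headers and status."""
    result = {"request": {}, "response": {}, "status": None}
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            side = "request" if m.group(1) == "to" else "response"
            result[side][m.group(2).lower()] = m.group(3)
            continue
        m = STATUS_RE.search(line)
        if m:
            result["status"] = int(m.group(1))
    return result


def summarize(text):
    """Report whether a token was forwarded and what challenge the backend returned."""
    trace = parse_trace(text)
    challenge = trace["response"].get("www-authenticate", "")
    scheme, _, params = challenge.partition(" ")
    return {
        "status": trace["status"],
        "authorization_sent": "authorization" in trace["request"],
        "challenge_scheme": scheme or None,
        "challenge_params": dict(PARAM_RE.findall(params)),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_TRACE))
```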