Monday 23 April 2012

Multiple login prompts with Load balanced Web Front Ends using ADFS Authentication

Problem:
Users were getting multiple authentication prompts when attempting to access a SharePoint website using ADFS authentication.



Possible other issues:

You may randomly be redirected back to a login page.
You may end up in an authentication loop that causes ADFS to halt the request because of a perceived denial of service (DoS) attack, as the note states.
If you look at a trace of the activity, you may see SharePoint setting your FedAuth cookie to an expired value and then starting to make requests to ADFS again. ADFS then either won't issue you a non-expired cookie, or SharePoint looks at the cookie and transforms it to an expired one.



A quick Google search came up with the site below. (Cheers Steve)

As our new Network Load Balancer (NLB) was not managed by us, they had not set up cookie-based persistence, or "affinity" as described in the article below.

This was enabled and the problem went away.

It happens because the traffic from your browser may hit one WFE and then another. A token is issued for each session, so in this case setting cookie-based persistence resolves the issue.
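To illustrate why the prompts repeat, here is a small simulation added as an example (it is not code from the original post, SharePoint or ADFS). It assumes a simplified model in which each WFE only recognises session tokens it issued itself; the names `WFE`, `LoadBalancer`, `browse` and the `lb_affinity` cookie are hypothetical.

```python
import itertools

class WFE:
    """One web front end. Assumption: issued session tokens live only in its own memory."""
    def __init__(self, name):
        self.name = name
        self.tokens = set()

    def handle(self, fedauth):
        """Return (fedauth_cookie, prompted). An unknown token forces a new trip to ADFS."""
        if fedauth in self.tokens:
            return fedauth, False
        token = f"{self.name}-tok{len(self.tokens) + 1}"
        self.tokens.add(token)
        return token, True

class LoadBalancer:
    """Round-robin balancer with optional cookie-based persistence (affinity)."""
    def __init__(self, wfes, cookie_persistence):
        self.wfes = {w.name: w for w in wfes}
        self.cookie_persistence = cookie_persistence
        self._rr = itertools.cycle(wfes)

    def route(self, cookies):
        pinned = cookies.get("lb_affinity")  # hypothetical persistence cookie name
        if self.cookie_persistence and pinned in self.wfes:
            return self.wfes[pinned]
        wfe = next(self._rr)
        if self.cookie_persistence:
            cookies["lb_affinity"] = wfe.name
        return wfe

def browse(cookie_persistence, requests=6):
    """Simulate one browser; return (number of login prompts, WFEs hit in order)."""
    lb = LoadBalancer([WFE("WFE1"), WFE("WFE2")], cookie_persistence)
    cookies, prompts, path = {}, 0, []
    for _ in range(requests):
        wfe = lb.route(cookies)
        cookies["FedAuth"], prompted = wfe.handle(cookies.get("FedAuth"))
        prompts += int(prompted)
        path.append(wfe.name)
    return prompts, path

if __name__ == "__main__":
    for persistence in (False, True):
        prompts, path = browse(persistence)
        print(f"persistence={persistence}: {prompts} prompt(s), path={path}")
```

Without persistence every request lands on the other WFE and triggers a new prompt; with persistence the browser stays on one WFE and is prompted once.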



Resolution:
Enable cookie-based persistence on the NLB.





Steve Peschka
Make Sure You Know This About SharePoint 2010 Claims Authentication - Sticky Sessions Are REQUIRED
http://blogs.technet.com/b/speschka/archive/2011/10/28/make-sure-you-know-this-about-sharepoint-2010-claims-authentication-sticky-sessions-are-required.aspx
