Error When Using ADFS

Customer forum for LastPass Enterprise


Post by scottwunschel » Tue Oct 02, 2018 10:56 am

Hi. I've been trying to get ADFS authentication working for weeks to no avail. We are using Server 2016 and ADFS 4.0. I have the Directory Sync working and see federated users with an * next to their name in our portal. These accounts have the LastPass custom attribute populated with data.

I've installed the LastPass ADFS MSI and see a relying party trust for LastPass. When I type in the email address of a federated user in the LastPass browser plugin it does redirect me to our ADFS site, but fails after that.

When I'm on-premise going directly to an ADFS server I just get a white screen after I type in the email address and password on the ADFS login page. The title bar for the window changes to "Working..." and will hang there forever.

If I try to log in off-premise going through an ADFS web proxy I get a LogMeIn error screen that has the following...

There was a problem displaying the requested page
If this problem happens again, please contact customer support and quote the error code below.
Reference number: s606653
Status code: 13

Has anyone else seen this behavior or have any idea how to fix it?

Thank you in advance,
Scott
scottwunschel
 
Posts: 4
Joined: Mon Sep 17, 2018 9:25 pm

Re: Error When Using ADFS

Post by steelgratingseo » Fri Oct 12, 2018 12:24 am

me too ;)
steelgratingseo
 
Posts: 1
Joined: Fri Oct 12, 2018 12:20 am

Re: Error When Using ADFS

Post by Porch » Thu Nov 08, 2018 6:21 pm

Me too.
Porch
 
Posts: 1
Joined: Thu Nov 08, 2018 6:20 pm

Re: Error When Using ADFS

Post by servicedesk752 » Fri Nov 09, 2018 3:54 am

Hello

Would like to chime in without just saying me too.
We have also got the same problem when trying it in our AD FS environment.
Not sure if you guys have gotten further.

Been in contact with LastPass support who claim that status code 13 is basically translated to MissingEmailClaim. That is not strange since the Key chain fails so that no SAML is actually transmitted to LastPass servers.
The problem looking at the LastPassADFS log (located in ProgramData on AD FS server) for us though is that it cannot create a secure channel towards LastPass to get their part of the password:
"
WebCall query: https://lastpass.com/lmiapi/federated/key?email=<redacted>
Failed to get public key(s): System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
"
It also triggers a Schannel error TLS error code 40 (Handshake failure)

We have TLS 1.2 enabled which should work according to LastPass support

https://docs.microsoft.com/en-us/window ... s-in-ad-fs
servicedesk752
 
Posts: 3
Joined: Fri Nov 09, 2018 3:44 am

Re: Error When Using ADFS

Post by servicedesk752 » Tue Nov 13, 2018 11:45 am

Update: After adding TLS 1.2 we needed to restart the AD FS service. After that everything seems to be working fine for us.
servicedesk752
 
Posts: 3
Joined: Fri Nov 09, 2018 3:44 am

Re: Error When Using ADFS

Post by trentq » Thu Apr 18, 2019 9:49 pm

We had the same issue and this fixed it for us as well, thanks.

https://docs.microsoft.com/en-us/window ... plications
trentq
 
Posts: 4
Joined: Tue Sep 18, 2018 2:13 am
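
The posts above trace the failure to a TLS handshake between the AD FS server and lastpass.com and fix it by enabling TLS 1.2. As an added example (not from the thread, LastPass or Microsoft), this read-only PowerShell check reports the Schannel and .NET Framework registry values that control TLS 1.2 for a .NET client, then attempts a TLS 1.2 handshake to the host named in the quoted log line. The "Want" values are assumptions about a server configured for TLS 1.2, and the script changes nothing.

```powershell
# Added example, not from the thread. Read-only: it reports settings and changes nothing.
$net = 'Microsoft\.NETFramework\v4.0.30319'
$tls = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$checks = @(
    # Schannel: TLS 1.2 must be usable when this server acts as a client.
    @{ Path = $tls; Name = 'Enabled'; Want = 1 },
    @{ Path = $tls; Name = 'DisabledByDefault'; Want = 0 },
    # .NET Framework 4.x (64-bit and 32-bit views): let .NET clients use strong TLS defaults.
    @{ Path = "HKLM:\SOFTWARE\$net"; Name = 'SchUseStrongCrypto'; Want = 1 },
    @{ Path = "HKLM:\SOFTWARE\$net"; Name = 'SystemDefaultTlsVersions'; Want = 1 },
    @{ Path = "HKLM:\SOFTWARE\WOW6432Node\$net"; Name = 'SchUseStrongCrypto'; Want = 1 },
    @{ Path = "HKLM:\SOFTWARE\WOW6432Node\$net"; Name = 'SystemDefaultTlsVersions'; Want = 1 }
)

$report = foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    # A missing key or value is not an error: the OS or application default applies.
    if ($null -eq $item) { $state = 'not set (default applies)' }
    elseif ([bool]($item.($c.Name)) -eq [bool]$c.Want) { $state = 'ok' }
    else { $state = 'MISMATCH' }
    [pscustomobject]@{ Key = $c.Path; Value = $c.Name; Want = $c.Want; State = $state }
}
$report | Format-Table -AutoSize -Wrap

# Force a TLS 1.2 handshake through Schannel to the host from the LastPassADFS log line.
# This exercises Schannel only; the registry rows above cover the .NET defaults.
$target = 'lastpass.com'
$tcp = New-Object System.Net.Sockets.TcpClient
$ssl = $null
try {
    $tcp.Connect($target, 443)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($target, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
    "TLS handshake ok: $($ssl.SslProtocol), cipher $($ssl.CipherAlgorithm)"
} catch {
    "TLS handshake failed: $($_.Exception.GetBaseException().Message)"
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

Run it on the AD FS server itself. As the update above reports, the TLS 1.2 change only took effect there after the AD FS service was restarted.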

Re: Error When Using ADFS

Post by rtirella235 » Thu Jun 13, 2019 2:48 pm

Still getting this error for some users, really wish LastPass could fix this.
rtirella235
 
Posts: 1
Joined: Thu Jun 13, 2019 2:46 pm

