Resolving AD FS Authentication Page Logon Issues in SharePoint 2010


I have had trouble resolving Active Directory Federation Services (AD FS) authentication page logon issues several times, so I thought I would describe this problem and resolution because I am sure that others have seen it too.
Let's assume that you have configured a SharePoint web application to use SAML claims, and the identity provider security token service (IP-STS) is Active Directory Federation Services (AD FS) 2.0. Sometimes I see that after SharePoint redirects to the AD FS login page, the browser just "stops". The status says "complete", as if the page is completely loaded and the blank page is all there is to it. The address bar in the browser shows the correct AD FS server URL. No error is shown and the browser looks like it is at the AD FS logon page. But, you are never authenticated, never prompted for credentials, and never sent back to your SharePoint site.
When this happens, I have found the problem is that I have a proxy server configured in my browser, and the request is being redirected to the fully qualified domain name of the AD FS server (that is, https://adfs.contoso.com).
To fix the problem, in Internet Explorer, do the following:
  1. On the Tools menu, click Internet options.
  2. On the Connections tab, click LAN settings.
  3. Click Advanced to open the Proxy Settings window.
In the Proxy Settings window there is a text box for exceptions. The Exceptions text box is where you add URLs that you do not want the proxy server to try to resolve for you. If you add the URL for your AD FS server to that list and then save your changes, you should be able to successfully redirect and get authenticated.
Unfortunately, there is no feedback from the browser in this scenario as to what the problem is. If you get the "blank screen" browser page, consider this tip as a possible fix.
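
The same check can be scripted. The PowerShell below is an added example, not part of the original post: it reads the current user's Internet Explorer proxy settings from the registry and reports whether the AD FS host is covered by the Exceptions list. It assumes a manually configured per-user proxy (not a PAC script or Group Policy); the `-Add` switch and the function name are hypothetical.

```powershell
# Added example, not from the original post. Reads the current user's WinINET
# (Internet Explorer) proxy settings and reports whether the AD FS host is
# covered by the Exceptions list; with -Add it appends the host.
param(
    [string]$AdfsHost = 'adfs.contoso.com',  # host from the article; use your own
    [switch]$Add                             # hypothetical opt-in switch
)

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-ProxyBypass {
    param([string]$HostName, [string]$Override)
    # The Exceptions box is stored as one semicolon-separated string
    foreach ($entry in ($Override -split ';')) {
        $pattern = $entry.Trim() -replace '^[a-z]+://', ''
        if (-not $pattern) { continue }
        if ($pattern -eq '<local>') {
            # <local> only matches names without a dot, never an FQDN
            if ($HostName -notlike '*.*') { return $true }
            continue
        }
        # Entries may contain * wildcards, for example *.contoso.com
        if ($HostName -like $pattern) { return $true }
    }
    return $false
}

$s = Get-ItemProperty -Path $key
$override = [string]$s.ProxyOverride
"Proxy enabled : $([bool]$s.ProxyEnable)"
"Proxy server  : $($s.ProxyServer)"
"Exceptions    : $override"

if (Test-ProxyBypass -HostName $AdfsHost -Override $override) {
    "$AdfsHost already bypasses the proxy."
} elseif ($Add) {
    $new = (@($override, $AdfsHost) | Where-Object { $_ }) -join ';'
    Set-ItemProperty -Path $key -Name ProxyOverride -Value $new
    "Added $AdfsHost to the exceptions list. Restart Internet Explorer to apply."
} else {
    "$AdfsHost is NOT in the exceptions list; requests to it go through the proxy."
}
```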
