Home
  •  

Unmatched Assertion Consumer Service Index

Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuanceConfigurationAssertionConsumerServiceIndexDoesNotMatchErrorRule (Rule)

Unmatched Assertion Consumer Service Index

Knowledge Base article:

Summary

Token issuance failed because the request specified an assertion consumer service index that is not configured on the relying party.

Causes

The Assertion Consumer Services index that is specified in the request is not valid.

Resolutions

Use the AD FS snap-in to configure Assertion Consumer Services with the specified index for this relying party. To configure SAML Assertion Consumer Services, add or update the required SAML assertion consumer endpoints on the Endpoints tab in the properties for this relying party trust. If you imported metadata, check your metadata provider configuration. If you configured your relying party trust manually, check the relying party trust configuration locally on the federation server computer. If you imported metadata to configure your relying party trust, verify that the configuration on your metadata partner server is accurate and up to date.

Element properties:

TargetMicrosoft.ActiveDirectoryFederationServices.2016.TokenIssuance
CategoryConfigurationHealth
EnabledTrue
Event_ID259
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
Unmatched Assertion Consumer Service Index
The request specified an assertion consumer service index '{0}' that is not configured on the relying party '{1}'. Token issuance failed.
Event Log$Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer"]/ADFSEventLog$

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuanceConfigurationAssertionConsumerServiceIndexDoesNotMatchErrorRule" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuance" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>ConfigurationHealth</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>$Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer"]/ADFSEventLog$</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">259</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>MatchesMOM2005RegularExpression</Operator>

              <Pattern>(^AD FS$)</Pattern>

            </RegExExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuanceConfigurationAssertionConsumerServiceIndexDoesNotMatchErrorRule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/Params/Param[1]$</AlertParameter1>

        <AlertParameter2>$Data/Params/Param[2]$</AlertParameter2>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/Params/Param[1]$</SuppressionValue>

        <SuppressionValue>$Data/Params/Param[2]$</SuppressionValue>

      </Suppression>

      <Custom1/>

      <Custom2/>

      <Custom3/>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10/>

    </WriteAction>

  </WriteActions>

</Rule>