Unmatched Assertion Consumer Service Protocol Binding

Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceConfigurationAssertionConsumerServiceProtocolBindingDoesNotMatchErrorRule (Rule)

Knowledge Base article:

Summary

Token issuance failed because the request specified an assertion consumer service protocol binding that is not configured on the relying party.

Causes

The Assertion Consumer Services protocol binding that is specified in the request is not valid.

Resolutions

Use the AD FS snap-in to configure Assertion Consumer Services with the specified protocol binding for this relying party. To configure SAML Assertion Consumer Services, add or update the required SAML assertion consumer endpoints on the Endpoints tab in the properties for this relying party trust. If you imported metadata, check your metadata provider configuration. If you configured your relying party trust manually, check the relying party trust configuration locally on the federation server computer. If you imported metadata to configure your relying party trust, verify that the configuration on your metadata partner server is accurate and up to date.

Element properties:

Target: Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuance
Category: ConfigurationHealth
Enabled: True
Event_ID: 260
Alert Generate: True
Alert Severity: Warning
Alert Priority: Normal
Remotable: True
Alert Message:
Unmatched Assertion Consumer Service Protocol Binding
The request specified an assertion consumer service protocol binding '{0}' that is not configured on the relying party '{1}'. Token issuance failed.
Event Log: $Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices2012R2.FederationServer"]/ADFSEventLog$

Member Modules:

ID     Module Type  TypeId                           RunAs
DS     DataSource   Microsoft.Windows.EventProvider  Default
Alert  WriteAction  System.Health.GenerateAlert      Default

Source Code:

<Rule ID="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceConfigurationAssertionConsumerServiceProtocolBindingDoesNotMatchErrorRule" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuance" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>ConfigurationHealth</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Host/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>$Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices2012R2.FederationServer"]/ADFSEventLog$</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="UnsignedInteger">260</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <RegExExpression>
              <ValueExpression>
                <XPathQuery Type="String">PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>MatchesMOM2005RegularExpression</Operator>
              <Pattern>(^AD FS$)</Pattern>
            </RegExExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
      <Priority>1</Priority>
      <Severity>1</Severity>
      <AlertOwner/>
      <AlertMessageId>$MPElement[Name="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceConfigurationAssertionConsumerServiceProtocolBindingDoesNotMatchErrorRule.AlertMessage"]$</AlertMessageId>
      <AlertParameters>
        <AlertParameter1>$Data/Params/Param[1]$</AlertParameter1>
        <AlertParameter2>$Data/Params/Param[2]$</AlertParameter2>
      </AlertParameters>
      <Suppression>
        <SuppressionValue>$Data/Params/Param[1]$</SuppressionValue>
        <SuppressionValue>$Data/Params/Param[2]$</SuppressionValue>
      </Suppression>
      <Custom1/>
      <Custom2/>
      <Custom3/>
      <Custom4/>
      <Custom5/>
      <Custom6/>
      <Custom7/>
      <Custom8/>
      <Custom9/>
      <Custom10/>
    </WriteAction>
  </WriteActions>
</Rule>