Home
  •  

Duplicate Name Identifier

Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuancePolicyDuplicateNameIdentifierRule (Rule)

Knowledge Base article:

Summary

More than one claim was issued after the rules in the issuance transform rule set were applied to the relying party trust.

This will cause token issuance for this relying party trust to fail.

Causes

More than one name ID claim was configured in the claims policy for the relying party.

Resolutions

Ensure that the issuance transform rules that are configured for the relying party do not result in multiple name ID claims.

Element properties:

TargetMicrosoft.ActiveDirectoryFederationServices2012R2.TokenIssuance
CategoryConfigurationHealth
EnabledTrue
Event_ID186
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
Duplicate Name Identifier
More than one claim was produced with the same name identifier value after the issuance transform rules were applied to the relying party trust '{0}'. Token issuance for this trust failed.
Event Log$Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices2012R2.FederationServer"]/ADFSEventLog$

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuancePolicyDuplicateNameIdentifierRule" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuance" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>ConfigurationHealth</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>$Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices2012R2.FederationServer"]/ADFSEventLog$</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">186</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>MatchesMOM2005RegularExpression</Operator>

              <Pattern>(^AD FS$)</Pattern>

            </RegExExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuancePolicyDuplicateNameIdentifierRule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/Params/Param[2]$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/Params/Param[2]$</SuppressionValue>

      </Suppression>

      <Custom1/>

      <Custom2/>

      <Custom3/>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10/>

    </WriteAction>

  </WriteActions>

</Rule>