As you may know, a quick way to test your ADFS deployment is to access the idpinitiatedsignon sign page.

As usual, I tried it after deploying my new ADFS 4.0 server and… got this error message

The resource you are trying to access is not available. Contact your administrator for more information.

image 

And the following event is logged

Log Name:      AD FS/Admin
Source:        AD FS
Date:          2/10/2016 7:22:24 AM
Event ID:      364
Task Category: None
Level:         Error
Keywords:      AD FS
User:         
Computer:     
Description:
Encountered error during federation passive request.

Additional Data

Protocol Name:
 

Relying Party:
 

Exception details:
Microsoft.IdentityServer.Web.IdPInitiatedSignonPageDisabledException: MSIS7012: An error occurred while processing the request. Contact your administrator for details.
   at Microsoft.IdentityServer.Web.Protocols.Saml.IdpInitiatedSignOnRequestSerializer.ReadMessage(WrappedHttpListenerRequest httpRequest)
   at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

 

So basically, this says the idpinitiatedsignon is disabled; which is quite annoying.

So, looking at the ADFS properties (Get-AdfsProperties | fl *idpinitiatedsignon*) for the page it shows indeed this is disabled

image 

To solve it, just run Set-AdfsProperties -EnableIdpInitiatedSignonPage $true

image