Event ID 715 — Federation Service Malformed Requests

Updated: December 3, 2008

Applies To: Windows Server 2008 R2

yellow

Federation Service Malformed Requests logs information about incorrectly configured or missing data values that reside in the trust policy, along with information about client cookie issues and sign-on issues.

Event Details

Product: Windows Operating System
ID: 715
Source: Microsoft-Windows-ADFS
Version: 6.1
Symbolic Name: UnrecognizedClaimNamespace
Message: The Federation Service encountered an error while parsing a security token. The token contained an unrecognized claim namespace.
Token issuer: %1
Claim namespace: %2

This request will be denied.

This error might occur as a result of incompatibilities between AD FS and third-party software.

User Action
If this error occurs on the Federation Service and the token issuer is an account partner, it may indicate that custom namespaces should be configured for the partner.

If this error occurs on the AD FS Web Agent, it may indicate that the token issuer is not properly configured. Contact the token issuer's administrator.

Resolve

Configure custom namespaces or the token issuer

If this error occurs on the Federation Service and the token issuer is an account partner, it may indicate that custom claim namespaces should be configured for the account partner and the resource partner.

To perform these procedures, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To add custom claim namespaces to the trust policy file:

  1. In Notepad or another text editor, open the trustpolicy.xml file that, by default, is in %systemdrive%\windows\systemdata\adfs.
  2. Find the Namespaces tag and insert the following tags (with a value and close tags) within the Namespaces element:
    • trustnamespace
    • policynamespace
    • addressingnamespace
  3. Save the changes, and then exit NotePad.

If this error occurs on the AD FS Web Agent, it may indicate that the token issuer is not configured to accept namespaces. Contact the resource partner administrator.

Verify

Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization.

Related Management Information

Federation Service Malformed Requests

Active Directory Federation Services

Community Additions

ADD
Show: