Event ID 715 — Federation Service Malformed Requests
Applies To: Windows Server 2008
.jpg)
Federation Service Malformed Requests logs information about incorrectly configured or missing data values that reside in the trust policy, along with information about client cookie issues and sign-on issues.
Event Details
| Product: | Windows Operating System |
| ID: | 715 |
| Source: | Microsoft-Windows-ADFS |
| Version: | 6.0 |
| Symbolic Name: | UnrecognizedClaimNamespace |
| Message: | The Federation Service encountered an error while parsing a security token. The token contained an unrecognized claim namespace. Token issuer: %1 Claim namespace: %2 This request will be denied. This error might occur as a result of incompatibilities between AD FS and third-party software. User Action If this error occurs on the Federation Service and the token issuer is an account partner, it may indicate that custom namespaces should be configured for the partner. If this error occurs on the AD FS Web Agent, it may indicate that the token issuer is not properly configured. Contact the token issuer's administrator. |
Resolve
Configure custom namespaces or the token issuer
If this error occurs on the Federation Service and the token issuer is an account partner, it may indicate that custom claim namespaces should be configured for the account partner and the resource partner.
To perform these procedures, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
To add custom claim namespaces to the trust policy file:
- In Notepad or another text editor, open the trustpolicy.xml file that, by default, is in %systemdrive%\windows\systemdata\adfs.
- Find the Namespaces tag and insert the following tags (with a value and close tags) within the Namespaces element:
- trustnamespace
- policynamespace
- addressingnamespace
- Save the changes, and then exit NotePad.
If this error occurs on the AD FS Web Agent, it may indicate that the token issuer is not configured to accept namespaces. Contact the resource partner administrator.
Verify
Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization.