Another challenging ADFS issue came to me this week. Here the problem was that internal users were not able to authenticate. They received a login prompt and, after providing credentials, got an “HTTP 400 bad request” error message. External users, who used forms-based authentication (FBA), were able to log in successfully. Internal users who used a browser other than Internet Explorer were also presented with FBA and were able to log in. So only the login with Windows Integrated Authentication failed. And of course everything had been working just fine until about a week ago.
In this environment the ADFS and resource servers were in a different domain than the user accounts. For more detail see the picture below. Beware that it shows only part of the authentication process, to illustrate the topology.
After some research I ruled out several known issues, like: