ADFS doesn't have P3P policy

zuboje picture zuboje · Aug 18, 2015 · Viewed 11.4k times · Source

I have application that uses SAML authentication, we have installed AD FS 3.0 on 2012 R2 machine. I think users do get authenticated but there is an issue with it as my application returns error, here is response header that I get:

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store
Pragma: no-cache
Content-Length: 5851
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-HTTPAPI/2.0
P3P: CP="ADFS doesn't have P3P policy, please contact your site's admin for more details."
Set-Cookie: MSISAuthenticated=OC8xOC8yMDE1IDI6NTg6MzQgUE0=; path=/adfs; HttpOnly; Secure
Set-Cookie: MSISLoopDetectionCookie=MjAxNS0wOC0xODoxNDo1ODozNFpcMQ==; path=/adfs; HttpOnly; Secure
Date: Tue, 18 Aug 2015 14:58:34 GMT

Now what the problem is with this, to my understanding user does get authenticated, but yet my application fails to continue. Searching google I found this link, but this KB is installed on ADFS server. I believe due to P3P error, this is failing. Any suggestions?

Answer

JEuvin picture JEuvin · Nov 25, 2019

Found this in a forum hopefully it works for some of you:

Run theses commands (this is what ultimately worked):

On TptDevADFS1 (server with ADFS 3 installed).

Used this command file on TptDevADFS1:
SETLOCAL
SET cert_folder=%HOMEPATH%\Documents\Certificates
IF NOT EXIST "%cert_folder%" md "%cert_folder"
SET sdk_folder=C:\Program Files (x86)\Windows Kits\8.1\bin\x64
IF NOT EXIST "%sdk_folder%" ECHO SDK FOLDER %sdk_folder% NOT FOUND.
IF NOT EXIST "%sdk_folder%" EXIT
CD "%sdk_folder%"
echo makecert -r -pe -n "CN=*.TptDev.com" -ss my -sr LocalMachine -eku "1.3.6.1.5.5.7.3.1","1.3.6.1.4.1.311.10.3.12" -len 2048 -sky exchange -e "01/01/2021" "%cert_folder%\TptDev.com_%COMPUTERNAME%_wildcard_exchDocSign.cer"
ENDLOCAL
Resulted in this command and output:
C:\Program Files (x86)\Windows Kits\8.1\bin\x64>makecert -r -pe -n "CN=*.TptDev.com" -ss my -sr LocalMachine -eku "1.3.6.1.5.5.7.3.1","1.3.6.1.4.1.311.10.3.12" -len 2048 -sky exchange -e "01/01/2021" "\Users\Administrator.TPTDEV\Documents\Certificates\TptDev.com_TPTDEVADFS1_wildcard_exchDocSign.cer"

Succeeded

C:\Program Files (x86)\Windows Kits\8.1\bin\x64>
The above command imported the certificate into
(Local Computer) Personal->Certificates (aka as certificate store “My”).
Then browse to certificate file and imported it (with exportable key) to
(Local Computer) Trusted Root Certificate Authorities->Certificates
Export key in Personal store as PFX file with options:
include private key, include all certs in chain, export all extended properties.
Copy file to TptDevCRM1 (Server Dynamics CRM 2015 is installed on).
On TptDevCRM1 (server with Dynamics CRM 2015 installed)

Imported PFX certificate (file) into (Local Computer) Personal->Certificates.
Imported PFX certificate (file) into (Local Computer) Trusted Root Certificate Authorities->Certificates