Symptoms
2011-04-18T14:48:58 [INFO] Processing HTTP POST: https://adfs.contoso.com/adfs/fs/federationserverservice.asmx
2011-04-18T14:48:58 [VERBOSE] Received message that is not SignIn Request or Response.
2011-04-18T14:48:58 [VERBOSE] InternalGetTrustedRealmUri: email - Group Claim Name
2011-04-18T14:48:58 [ERROR] Rejecting name 'Group Claim Name' because it lacks prefix

Cause
The Federation Service is not configured to allow anonymous resolution of group claim names.

Resolution
AD FS 1.1 in Windows Server 2008 and Windows Server 2008 R2 adds a feature that lets an administrator decide whether to allow anonymous access to resolve Organization Claim names of type Group. The setting is a checkbox on the Advanced tab of the Federation Service Properties dialog in the AD FS 1.1 MMC console. To allow anonymous access to resolve group claim names, select this checkbox.

When SharePoint People Picker invokes SingleSignOnRoleProvider2 to resolve the name, the call to FederationServerService.asmx is made anonymously, so the checkbox must be selected on the Federation Service for the People Picker to function as expected.

More Information
AD FS 1.0 on Windows Server 2003 R2 allows anonymous access to resolve Organization Claim names of type Group by default, so the checkbox described above does not exist in AD FS 1.0.
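To find this symptom in a Federation Service log, the following added example (not part of the original article and not Microsoft code) scans log lines in the layout quoted under Symptoms and reports each rejected group claim name whose preceding HTTP POST went to FederationServerService.asmx. The one-entry-per-line layout, the function names and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Layout taken from the log lines quoted under Symptoms: "<timestamp> [LEVEL] message".
ENTRY = re.compile(r"^(\S+) \[(\w+)\] (.*)$")
POST = re.compile(r"^Processing HTTP POST: (\S+)")
REJECT = re.compile(r"^Rejecting name '(.*)' because it lacks prefix$")

def find_rejections(lines):
    """Return one dict per rejected group-claim lookup.

    A rejection counts only when the most recent HTTP POST in the log went to
    FederationServerService.asmx, the endpoint the People Picker call reaches.
    """
    hits, last_post = [], None
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank line or text that is not a log entry
        ts, level, msg = m.groups()
        post = POST.match(msg)
        if post:
            last_post = post.group(1)  # remember which endpoint is being served
            continue
        rej = REJECT.match(msg)
        if (level == "ERROR" and rej and last_post
                and last_post.lower().endswith("/federationserverservice.asmx")):
            hits.append({"time": ts, "name": rej.group(1), "url": last_post})
    return hits

def summarize(hits):
    """Count rejections per claim name, most frequent first."""
    return Counter(h["name"] for h in hits).most_common()

# Constructed sample: the four lines from the article, then two made-up
# entries for a different endpoint to show that they are filtered out.
SAMPLE_LOG = """\
2011-04-18T14:48:58 [INFO] Processing HTTP POST: https://adfs.contoso.com/adfs/fs/federationserverservice.asmx
2011-04-18T14:48:58 [VERBOSE] Received message that is not SignIn Request or Response.
2011-04-18T14:48:58 [VERBOSE] InternalGetTrustedRealmUri: email - Group Claim Name
2011-04-18T14:48:58 [ERROR] Rejecting name 'Group Claim Name' because it lacks prefix
2011-04-18T14:50:02 [INFO] Processing HTTP POST: https://adfs.contoso.com/adfs/ls/
2011-04-18T14:50:02 [ERROR] Rejecting name 'Other Name' because it lacks prefix
""".splitlines()

if __name__ == "__main__":
    for name, count in summarize(find_rejections(SAMPLE_LOG)):
        print(f"{count} rejected lookup(s) for group claim {name!r}")
```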