AD FS Authorized Token Error with InforOS

, ,

After a user attempts to log into InforOS using AD FS, if they get the error below “An error occurred”, your first stop should always be the event viewer on the AD FS server.  AD FS errors are logged in the Windows application logs area of the Event Viewer.

If you see the message “The Federation Service could not authorize token issuance for caller <username>”, this means that there is no claims rule on the relying party trust that allows this user to authenticate.

Open the AD FS Manager and go to Relying Party Trusts.  Click “Edit Claim Rules” then “Add Rule”.  Here, you can add an advanced custom rule, but the most common solution is to add the rule “Permit All Users” so that all AD users will have access to this Relying Party Trust, and their final authorization will be completed by Infor Federation Services (IFS).