Consider the following scenario:

  • You federate an application through a Windows Server 2012 R2-based AD FS (Active Directory Federation Services) instance that is an identity provider for the application.

  • You define a Relying Party (RP) trust to the application on the AD FS instance. Additionally, you configure the application to send signed SAML requests that have percent-encoded characters in uppercase to the AD FS instance.

  • You define a Claims Provider trust on the Windows Server 2012 R2-based AD FS instance to point to another AD FS instance that has an RP trust defined.

  • You try to sign in to the application, and then the Home Realm Discovery page is displayed.

In this scenario, you cannot sign in to the application because the signature verification fails. Additionally, event ID 303 is logged on the AD FS instance, and it contains the following error message:

The Federation Service encountered an error while processing the SAML authentication request.


To resolve this problem, install the November 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

See the terminology that Microsoft uses to describe software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!