AADSTS50107: The requested federation realm object <URL> does not exist

[binaryAccess]

Running ADFSpoof generates the token as expected but when replacing the 'wresult' parameter in an authentication flow (through burp) I keep getting the "AADSTS50107: The requested federation realm object does not exist" error.

The generated token look nearly identical to the one that is created by ADFS - I saw another issue that stated that now you have to go through the entire login process as the login.srf request should contain all the headers to the server as opposed to just sending a request with the token (like on the video from RT19) so I wonder if anything else was change that causes the error I am experiencing?

Informative:

• key is converted to binary format
• signing token is decoded with base64 and saved to a file (it looks like the expected binary format as well)

[Keramas]

I would recommend looking at the issuance rules and making sure that the regex for the domain is matching what it shows for the server. There are times when it will not be a direct one-to-one with what is shown to be the issuer identifier.

I have seen cases where it is simply a trailing slash that is added or omitted, or even slicing off more of the domain due to the regex match.

[thalpius]

In the o365 template add a trailing slash.

https://github.com/mandiant/ADFSpoof/blob/master/templates/o365.xml

Change Issuer="http://$AdfsServer/adfs/services/trust" to Issuer="http://$AdfsServer/adfs/services/trust/"