Hi,
We are attempting to add ADFS authentication to SharePoint in a combined Kerberos/ADFS setup. Clients connected to the internal network use Windows Authentication, and remote clients use ADFS for authentication. (We're using https://spautomaticsignin.codeplex.com/). This works well in a browser, but does not seem to work for local Office clients (e.g. Word, OneDrive for Business).
When a user tries to save a file to the SharePoint document library with an Office application, it says "Upload Failed: You are required to sign in to upload your changes to this location."
Clicking the Sign In button does not seem to do anything.
Looking at a network trace as Word attempts to sign in shows an HTTP request to /_vti_bin/cellstorage.svc/CellStorageService with a FedAuth cookie but no Authentication header, which gets a 401 response with the WWW-Authenticate header set to Negotiate,NTLM. Based on my understanding, Word should then re-try the request with the Kerberos ticket, but Word does not seem to retry at all.
OneNote gives a real error message:
(Error code: 0x803D001F) There was an error communicating with the endpoint at 'http://{SharePoint URL inside network}/_vti_bin/webs.asmx'.; The server returned HTTP status code '401 (0x191)' with text 'Unauthorized'.; The server requires HTTP authentication scheme 'negotiate'.
We are using Office 2013 and 2016 and SharePoint 2013. ADFS is version 3.0 on Windows Server 2012 R2.
Note: I originally posted this at http://sharepoint.stackexchange.com/questions/200674/upload-failed-in-office-client-after-adding-adfs
Thanks