Cannot authenticate users using WS-Federation after migrating to 11.2.4

Last Year


Users cannot access the Work Portal using WS-Federation authentication type after upgrading to the 11.2.4 version.

Applies to

Bizagi Studio and Automation server 11.2.4


When you upgrade a project to 11.2.4 using WS- federation, the Work Portal stops working, and users cannot access it.


To keep compatibility with our cloud-based service, Automation Service, the updates to the 11.2.4 version does not change the Web.config file with the WS-federation configuration.


There are two possible solutions:

Solution 1

Before updating your project, change the authentication type to Bizagi. After you successfully update your project, configure the WS-federation authentication type again.

Solution 2

If you already upgraded your project to the 11.2.4 version, open the web.config file located in the following folder: C:\Bizagi\Projects\[Project_Name]\WebApplication

1.    Backup you web.config file

2.    Open the web.config file using a text editor

3.    Search the <configSections> section and delete the following lines:

<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=, Culture=neutral, PublicKeyToken=B77A5C561934E089" />

<section name="" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=, Culture=neutral, PublicKeyToken=B77A5C561934E089" />

4.    Search the <appSettings> section and delete the following lines:

<add key="FederationMetadataLocation" value="" />

5.    Search the <system.web> section and delete the following lines:

<authentication mode="None" />


<deny users="?" />


6.    Search the <modules runAllManagedModulesForAllRequests="true"> section and delete the following lines:

<add name="WSFederationAuthenticationModule" type="BizAgi.Authentication.Authenticator.Federate.WebServerModules.BizagiFederationAuthenticationModule, BizAgi.Authentication" />

<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />

7.    Search the <configuration> section and delete:

<system.identityModel configSource="FederationAuth.config" />



<wsFederation passiveRedirectEnabled="true" issuer="https://{serverADFS}" realm="https://{bizagiHost}/{bizagiProyecto}/" requireHttps="true" />

<cookieHandler requireSsl="false" />



8.    Save the web.config files with all your changes, reset the application server and access the Work Portal again.

Rate this Article:


Last Modified:Last Year
Last Modified By: CarolinaM
Level: Advanced
Rated 5 stars based on 1 vote
Article has been viewed 719 times.