SharePoint 2013 integration problems and solutions - SSO

This page lists some problems that may occur during the configuration and how to solve them.

SharePoint: Creating SPTrustedIdentityTokenIssuer fails

Symptom:

When executing the command New-SPTrustedIdentityTokenIssuer <attributes> the following error appears: 

New-SPTrustedIdentityTokenIssuer : Exception of type 'System.ArgumentException' was thrown.
Parameter name: newProvider

Solution:

There can be only one SPTrustedIdentityTokenIssuer at a time. Type
Get-SPTrustedIdentityTokenIssuer
in the SharePoint Management Shell to find out if a SPTrustedIdentityTokenIssuer already exists. Either delete the current SPTrustedIdentityTokenIssuer with the command
Remove-SPTrustedIdentityTokenIssuer
or extend the existing one.

SharePoint is not receiving the identifying claim

Symptom:

The authentication with Ubisecure SSO works, but after the final SharePoint redirect the following error message is shown (in SharePoint context):

An unexpected error has occurred. 
Troubleshoot issues with Microsoft SharePoint Foundation. 
Correlation ID: xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx

Solution:

SharePoint is not receiving the user-identifying claim. The identifying claim is the one the -IdentifierClaim attribute specifies.

Office asks for a client certificate

Symptom:

When opening a SharePoint library directly from an Office application the user is asked for a client certificate.

Solution:

The client does not trust the SSL certificate that the SharePoint or AD FS 2.0 provides. Verify that the certificates are signed by a root authority that your client trusts.

Ubisecure SSO displays an error "The requested agent was not found"

Symptom:

The authentication with Ubisecure SSO fails with an error message displayed in red: "The requested agent was not found".

Solution:

The URN must be identical in both the SharePoint installation and the Ubisecure SSO. Please see the first two steps in SharePoint 2013 integration configuration - SSO for further instructions.