GemFire: WAN replication issues when using ADFS authentication

Article ID: 421828

Products

VMware Tanzu Data Intelligence, VMware Tanzu GemFire

Issue/Introduction

When ADFS-based authentication is enabled, WAN gateway senders are unable to establish an authenticated session with the remote gateway receivers, and replication events are not transmitted. Log files show messages similar to:

  • <ServerConnection on port XXXX Thread YY> tid=ZZZZ ] Continued processing ServerConnection after handshake failed
  • <Event Processor for GatewaySender_AAAA> tid=BBBB ]: Could not connect due to: No security credentials are provided

Environment

All supported GemFire versions

Cause

The server members that host the gateway senders are not supplying valid security credentials to the configured security manager for peer/WAN connections. As a result, the gateway sender’s internal connection pool can open a socket to the remote cache server and gateway receiver, but the authentication step fails, and no authenticated session is created.

Gateway senders and receivers run “as the server,” meaning they inherit the hosting member’s security configuration rather than using separate client-style credentials, so misconfiguration of server-side authentication or SSL/ADFS integration on either WAN site prevents successful replication.

Resolution

Ensure that each cache server participating in WAN replication is configured to obtain and present valid credentials for peer/WAN connections. In particular:

  • Implement an AuthInitialize (or equivalent credential initialization) on the server side so that the security framework can construct credentials for the member when it initiates gateway sender connections.
  • Configure the appropriate GemFire security properties for server/peer authentication (for example, the documented security-* properties used by your security manager/ADFS integration) on all members that host gateway senders and gateway receivers in both WAN sites, so that the same authentication mechanism and trust configuration is applied consistently on both sides.

Do not rely on client-only properties such as security-client-auth-init for gateway senders, because WAN connections are established using server/peer authentication rather than separate client credentials.
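The following is an added illustration of the first resolution step, not code from this article or from the GemFire product: a minimal server-side AuthInitialize (Apache Geode API packages, as used by current GemFire releases) that is wired in through the peer-side property rather than security-client-auth-init. The class name, the factory method, and the security-username/security-password property names are assumptions for the example; an ADFS integration would obtain its token in getCredentials instead of reading a static password.

```java
import java.util.Properties;

import org.apache.geode.LogWriter;
import org.apache.geode.distributed.DistributedMember;
import org.apache.geode.security.AuthInitialize;
import org.apache.geode.security.AuthenticationFailedException;

/**
 * Server-side credential initializer for members that host gateway senders.
 * Wire it in through the member's security properties, e.g. in gemfire.properties:
 *   security-peer-auth-init=com.example.wan.WanPeerAuthInitialize.create
 * (class name is hypothetical). The remote gateway receiver's security manager
 * then receives the Properties returned by getCredentials() during the handshake.
 */
public class WanPeerAuthInitialize implements AuthInitialize {

  // Property names are assumptions for this example; use the ones your
  // SecurityManager / ADFS integration actually expects.
  static final String USER_PROP = "security-username";
  static final String PASSWORD_PROP = "security-password";

  // Static factory referenced by the security-peer-auth-init property.
  public static AuthInitialize create() {
    return new WanPeerAuthInitialize();
  }

  @Override
  public void init(LogWriter systemLogger, LogWriter securityLogger)
      throws AuthenticationFailedException {
    // Nothing to set up; an ADFS integration would prepare its token client here.
  }

  @Override
  public Properties getCredentials(Properties securityProps, DistributedMember server,
      boolean isPeer) throws AuthenticationFailedException {
    String user = securityProps.getProperty(USER_PROP);
    String password = securityProps.getProperty(PASSWORD_PROP);
    if (user == null || password == null) {
      // Fail with a specific message instead of the generic
      // "No security credentials are provided" seen in the gateway sender log.
      throw new AuthenticationFailedException("Missing " + USER_PROP + "/" + PASSWORD_PROP
          + " for WAN connection to " + server);
    }
    Properties credentials = new Properties();
    credentials.setProperty(USER_PROP, user);
    credentials.setProperty(PASSWORD_PROP, password);
    return credentials;
  }

  @Override
  public void close() {}
}
```

The same class (and the same security-* values) must be present on the members hosting gateway senders in both WAN sites, since each site's senders authenticate to the other site's receivers.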

Additional Information

Reference: