Channel: Claims based access platform (CBA), code-named Geneva forum

CRM 2013, ADFS 3.0 and WAP

Hey Everyone,

We had CRM 2013 and ADFS 2.0 in our environment and IFD was later enabled and CRM was viewable externally. We have now decided to move from ADFS 2.0 to ADFS 3.0 on another server and use WAP.

We have created the same 2 rules for Internal and External Relying Party Trust on ADFS 3.0 (verf.schs.sharjah.ae)

Internal Relying Party Trust: (Identifiers)

External Relying Party Trust: (Identifiers)

Both of the above have the following Claim Rules

  • Pass-through UPN
  • Pass-through SID
  • Transform Windows Account

For the authentication policies, in the Extranet we have enabled Forms Authentication whereas for Intranet both Forms and Windows Authentication are enabled.

 

On the CRM Server Deployment Manager the Federation Metadata URL is

https://verf.schs.sharjah.ae/FederationMetadata/2007-06/FederationMetadata.xml

And the correct certificate is chosen. Whereas for the CRM IFD Deployment

  • Web Application Server name: schs.sharjah.ae:457
  • Organization Web Service Domain Name: schs.sharjah.ae:457
  • Discovery Web Service Domain Name: dev.schs.sharjah.ae:457
  • External Domain where the IFD Servers are located: auth.schs.sharjah.ae:457

Now locally if we use the external hyperlink which is https://sharjahcityforhumanitarianserv.schs.sharjah.ae:457/ (since we have the host record pointing to the CRM server internally), we first hit the ADFS page and after entering the credentials it goes to the CRM Portal.

For the WAP Configuration, we have set it up correctly and able to communicate with the ADFS server. We have successfully published SharePoint 2013 externally through it using ADFS pre-authentication. For CRM we have created 4 rules using Pass-Through Authentication for the following

We have disabled URL translation for all URLs above except for https://verf.schs.sharjah.ae (ADFS 3.0 Service). We have followed this guide to achieve it: https://blogs.technet.microsoft.com/dynamicspts/2014/10/01/using-web-application-proxy-to-publish-dynamics-crm-2013-to-the-internet/

All the URLs have Public DNS Records created and NATS have been done to the WAP Server. However, when we browse the main Organization URL, https://sharjahcityforhumanitarianserv.schs.sharjah.ae:457/, it doesn't get redirected to the ADFS server.

I don't know what the exact problem is, whether it's to do with the external relying party trust on ADFS 3.0 or the WAP rules. I have tried searching but can't find much of a solution.

Any help would be greatly appreciated!

* Note: Both ADFS and WAP servers are joined to the domain


MVI - Most Valuable Indian

Use of OAuth2 Endpoint and JWT in Windows 2012 R2 ADFS

Hi

We would like to use the OAuth2 Endpoint and JWT Tokens Features from the Windows 2012 R2 Server in MVC 4 and Web API Services.

But all Examples related to this Topics are leading to Win Apps and the ADAL Library (which is only usable in Client Software).

Did anyone make a successful Example in getting JWT Tokens from the new ADFS Version?

Kind Regards
André

How Does ADFS 2.0 Know Which IdP(Claims Provider) to Send the Request To?

Hey all, I'm trying to figure out how ADFS knows which Claims Provider to send a request to. Let's say I host a Federated SSO SharePoint website and it's being set up so that a 3rd party can access it via SSO. I have an ADFS server and the 3rd party has an ADFS server. When a 3rd party user accesses our SharePoint claims-enabled website, SP sends the request over to our ADFS server. Now how does ADFS know to send the request to the 3rd party ADFS server to get the security token with the claims? Is it embedded in the url that the 3rd party uses to access our SP site? Is it somewhere in the configuration of the SP site? Any feedback or clarification appreciated. Thanks. 

2012 R2 ADFS - IE Integrated Authentication Not Working

We have an ADFS 2.0 environment based upon Server 2008 R2.  Now, we're building an ADFS 3.0 environment on Server 2012 R2.  Within ADFS 2.0, we could craft an IDP-initiated URL that would, from a user point of view, go directly to the target website.  However, with 3.0, a similarly crafted URL is always showing the user the idpinitiatedsignon.aspx page and forcing the user to select the 'Sign in' button. 

Why does ADFS 3.0 not just do passthrough authentication with the users' logged in credentials and redirect to the target, relying party's website?  Is there a setting to enable this functionality and keep the experience with which our end users are familiar?  (Sometimes training end users to a different experience can be challenging.)


ADFS 2.0 - Does Adding the Second Claims Provider Trust Bring Up Home Realm Screen ?

Hi all, I've got a true or false question that I was hoping to have answered just so that I know what to expect. Let's say that there is an ADFS 2.0 system set up and the only thing that it does is provide Single Sign On access to about 10 third party Relying Party Trusts. This system works great. A new requirement comes in such that this ADFS system now needs to be set up to provide single sign on access to an internal web application system for a client. In setting that up, a new claims provider trust needs to be added. There's only one claims provider trust right now and that's for the local Active Directory. Here's the true or false question: When the second claims provider trust is added, will a home realm discovery screen be presented to all of the users that are attempting to access any of the Relying Party Trust applications?  If the answer is 'true', is there any way to not show the home realm screen and have it default to the Active Directory claims provider trust?  Any feedback would be much appreciated.

ADFS can access IBM TDS for authentication?

Hi,

We are using IBM Web sphere Portal with IBM Tivoli Directory Service (TDS) storing the customer details. 

We are planning to interface our Portal with third party vendor. We don't have SAML 2.0 SSO solution for that.

But we have ADFS as SAML SSO solution for our internal employees and authentication done using AD details.

Can we extend to use ADFS as SSO solution for our portal and the third party vendor application? Can ADFS call an IBM TDS webservice for authenticating customers? Please advise.

Thanks,

Raj.

Single Sign Out with Relying Party STS

I am implementing Single Sign Out functionality. My setup is: ASP.NET Relying Party <-> Relying Party STS <-> SAML2 STS. SAML2 STS has user directory. I am using ADFS 3.0 for Relying Party STS. ASP.NET Relying Party communicates with Relying Party STS using WS-Federation protocol and Relying Party STS communicates with SAML2 STS via SAML2 protocol. 

The behavior I am trying to implement is Single Sign Out functionality. When the user signs off from the ASP.NET application, the ASP.NET application sends a sign off request to Relying Party STS using the WS-Federation protocol. Relying Party STS forwards the sign out request to SAML2 STS using the SAML2 protocol the first time. But if the user logs back in immediately and logs out again, Relying Party doesn't forward the sign out request to SAML2 STS. Instead of forwarding the sign out request to SAML2 STS, the user sees the logged out page of Relying Party STS (ADFS 3.0). It seems like ADFS 3.0 maintains the MSISSignoutProtocol cookie for 10 minutes and until that cookie has expired, it doesn't forward the sign out request to SAML2 STS.

How can I fix this issue? I want user to get redirected to SAML2 STS by Relying Party STS (ADFS 3.0) always when user logs out. Is there any configuration available to override the behavior that I am seeing on ADFS 3.0?

Thank you!



Multi-Tenant Branding: Single ADFS Farm, multiple branding based on requested domain name

Has anyone tried to make the branding automatically change based on requested url:

https://login.customdns.com/adfs/ls/idpinitiatedsignon

https://login.anotherRealm.com/adfs/ls/idpinitiatedsignon

...

This must be a very common request from companies hosting MSCRM. Although MSCRM always uses a single sts url. Maybe a referral parameter could be used to select branding options.

Or the only way to brand for each dns domain name is to install a single ADFS server per Tenant? 


Monitoring Adfs 3.0

Hi experts!

I have an ADFS farm. I want to create a web site for a web check. How do I do it?

WordPress authentication with SimpleSAMLphp using ADFS

Hi,

I have setup:

Windows 2012 r2 with ADFS 3.0, WordPress(WP) 4.2.2 with SAML single sign on plugin(SP), SimpleSAMLphp(SSP) v1.13(IdP).

I am using this setup for:

To authenticate WP user with SSP.

The flow goes like this:

The user sends an authentication request from WP. The request is received by ADFS and forwarded to SSP (claims party). SSP authenticates the user with the help of a radius server using AD and sends a response to ADFS, which in turn acknowledges WP.

Configuration:

  • At claims trust party:
      1. SSP has users' attributes as: "User-Name", "Filter-Id" for user id, and group of user respectively.
  • At Relying trust party:
      1. WP's service provider is configured as:
          • username attribute: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
          • group attribute: http://schemas.xmlsoap.org/claims/Group
          • Group "test" is configured as WP admin

NameIDPolicy is set as emailAddress for all the parties.

ADFS is configured as:

SSP for claims party trust.

Rules are set as:

Rule 1:

 c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] == "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"] => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);


Rule 2:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"] => add(Type = "http://schemas.xmlsoap.org/claims/Group", Value = "test");


WP is set relying party trust:

Claims rules are set as:

Rule 1:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"] => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");


Rule 2:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/claims/Group"), query = ";mail,sAMAccountName,givenName,sn,tokenGroups;{0}", param = c.Value);

This setup authenticates user at SSP, but gives error as "A Username was not provided" at WP.

My guess is that I have set claims rules wrong.

How can I go about solving this problem?

Thanks!
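
The two rule sets from the post above, traced through a toy model of the claim rule actions. This is an added example, not part of the original post: it assumes the documented AD FS behaviour that `issue` places a claim in both the input and output claim sets while `add` places it only in the input set, and that claims arriving through a claims provider trust carry that provider's issuer rather than "AD AUTHORITY". The SSP issuer URL, the user values, the AD lookup stand-in and the `*_VARIANT` rule sets are constructed for illustration.

```python
# Added example: toy model of the "issue" and "add" claim-rule actions.
from dataclasses import dataclass

NAMEID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
WINACCT = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
GROUP = "http://schemas.xmlsoap.org/claims/Group"
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
SSP_ISSUER = "https://ssp.example.test/idp"  # constructed placeholder

@dataclass(frozen=True)
class Claim:
    type: str
    value: str
    issuer: str
    fmt: str = ""  # NameID format property; empty when not set

def run_rules(rules, incoming):
    """Evaluate (condition, build, action) rules in order; return the output set."""
    input_set, output_set = list(incoming), []
    for cond, build, action in rules:
        produced = [new for c in input_set if cond(c) for new in build(c)]
        input_set += produced        # "add" and "issue" both feed later rules
        if action == "issue":
            output_set += produced   # only "issue" reaches the next stage
    return output_set

def is_type(claim_type):
    return lambda c: c.type == claim_type

def retype(new_type, fmt=""):
    return lambda c: [Claim(new_type, c.value, c.issuer, fmt)]

def add_test_group(c):
    # The issuer of this claim does not affect the result below.
    return [Claim(GROUP, "test", "LOCAL AUTHORITY")]

def ad_lookup(c):
    # Stand-in for the Active Directory attribute store query (constructed values).
    return [Claim(WINACCT, c.value, "AD AUTHORITY"), Claim(GROUP, "test", "AD AUTHORITY")]

# Claims provider trust (SSP): rules 1 and 2 as posted.
CP_POSTED = [
    (lambda c: c.type == NAMEID and c.fmt == EMAIL_FMT, retype(WINACCT), "issue"),
    (is_type(WINACCT), add_test_group, "add"),
]
# Relying party trust (WP): rules 1 and 2 as posted.
RP_POSTED = [
    (is_type(WINACCT), retype(NAMEID, EMAIL_FMT), "issue"),
    (lambda c: c.type == WINACCT and c.issuer == "AD AUTHORITY", ad_lookup, "issue"),
]
# Assumed variant (one possible change): issue the group, pass both attributes through.
CP_VARIANT = [CP_POSTED[0], (is_type(WINACCT), add_test_group, "issue")]
RP_VARIANT = [RP_POSTED[0],
              (is_type(WINACCT), retype(WINACCT), "issue"),
              (is_type(GROUP), retype(GROUP), "issue")]

INCOMING = [  # constructed assertion content from SSP
    Claim(NAMEID, "alice@example.test", SSP_ISSUER, EMAIL_FMT),
    Claim("User-Name", "alice", SSP_ISSUER),
    Claim("Filter-Id", "test", SSP_ISSUER),
]

def token_types(cp_rules, rp_rules, incoming):
    """Claim types in the token the relying party receives, in issuance order."""
    return [c.type for c in run_rules(rp_rules, run_rules(cp_rules, incoming))]

if __name__ == "__main__":
    print("as posted:", token_types(CP_POSTED, RP_POSTED, INCOMING))
    print("variant:  ", token_types(CP_VARIANT, RP_VARIANT, INCOMING))
```

In this model the posted rules deliver only the name identifier to WP, so neither the configured username attribute nor the group attribute is present in the token.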

Xml attributes in SAML Response in ADFS

Is there a way to specify xml attributes in the AttributeValue element in ADFS (in italics below)?  We have a vendor that "requires" these attributes.  I'm trying to find a workaround even though ADFS is generating a valid SAML response. I've tried a couple of different custom claim rules but haven't had much luck.

Vendor wants...

    <AttributeStatement>
        <Attribute Name="alias">
            <AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">xxxxxxx</AttributeValue>
        </Attribute>
    </AttributeStatement>

ADFS generates....

    <AttributeStatement>
        <Attribute Name="alias">
            <AttributeValue>xxxxxxx</AttributeValue>
        </Attribute>
    </AttributeStatement>

SharePoint with ADFS claims

We are using SharePoint with claim based authentication with ADFS. The reason is that we have two domains that start with corp..

From one domain I have only one user that cannot access Inview as ADFS does not issue her a claim:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="AD FS 2.0" Guid="{20E25DDB-09E5-404B-8A56-EDAE2F12EE81}" />
    <EventID>325</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000001</Keywords>
    <TimeCreated SystemTime="2016-03-17T16:02:49.121422500Z" />
    <EventRecordID>941189</EventRecordID>
    <Correlation ActivityID="{1BC4B991-C146-4994-948B-E971DF6A4736}" />
    <Execution ProcessID="8788" ThreadID="12048" />
    <Channel>AD FS 2.0/Admin</Channel>
    <Computer>SDALHVMADFSPXXXXadsprod.local</Computer>
    <Security UserID="S-1-5-21-2026373236-376688760-XXXXXXX37700-2208" />
  </System>
  <UserData>
    <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
      <EventData>
        <Data>12f6d5e5-3526-466d-886a-9b26d71f8e12</Data>
        <Data>CORP\a691705</Data>
        <Data>https://Somesite.com/_trust/</Data>
        <Data>Microsoft.IdentityServer.Service.IssuancePipeline.CallerAuthorizationException: MSIS5007: The caller authorization failed for caller identity CORP\a691705 for relying party trust https://inview.alliancedata.com/_trust/. at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult.End(IAsyncResult ar) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.EndProcessCore(IAsyncResult ar, String requestAction, String responseAction, String trustNamespace)</Data>
      </EventData>
    </Event>
  </UserData>
</Event>
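
For triage of events like the one in the post above, the following pulls the caller, relying party and MSIS code out of exported event 325 XML and counts failures per caller and relying party. This is an added example, not part of the original post: the `<Data>` field order is assumed from the event shown, and the sample events, account names and URL are constructed.

```python
# Added example: summarise AD FS event 325 (caller authorization failed) records.
import re
import xml.etree.ElementTree as ET
from collections import Counter

NS = {
    "e": "http://schemas.microsoft.com/win/2004/08/events/event",
    "fs": "http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events",
}

# Constructed sample modelled on the event in the post; identifiers are placeholders.
EVENT_TEMPLATE = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="AD FS 2.0" />
    <EventID>{event_id}</EventID>
    <TimeCreated SystemTime="2016-03-17T16:02:49.121422500Z" />
    <Channel>AD FS 2.0/Admin</Channel>
  </System>
  <UserData>
    <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
      <EventData>
        <Data>00000000-0000-0000-0000-000000000000</Data>
        <Data>{caller}</Data>
        <Data>{rp}</Data>
        <Data>Microsoft.IdentityServer.Service.IssuancePipeline.CallerAuthorizationException: MSIS5007: The caller authorization failed for caller identity {caller} for relying party trust {rp}.</Data>
      </EventData>
    </Event>
  </UserData>
</Event>"""

RP_URL = "https://app.example.test/_trust/"  # constructed placeholder

def make_event(event_id, caller, rp=RP_URL):
    return EVENT_TEMPLATE.format(event_id=event_id, caller=caller, rp=rp)

SAMPLE_EVENTS = [
    make_event(325, r"EXAMPLE\user01"),
    make_event(325, r"EXAMPLE\user01"),
    make_event(100, r"EXAMPLE\user02"),  # a different event ID, ignored below
]

def parse_authz_failure(xml_text):
    """Return a dict for an event 325 record, or None for any other event."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "325":
        return None
    created = root.find("e:System/e:TimeCreated", NS)
    data = [d.text or "" for d in
            root.findall("e:UserData/fs:Event/fs:EventData/fs:Data", NS)]
    if len(data) < 4:
        return None  # not the layout assumed from the post
    code = re.search(r"\bMSIS\d+\b", data[3])
    return {
        "time": created.get("SystemTime") if created is not None else None,
        "caller": data[1].strip(),
        "relying_party": data[2].strip(),
        "code": code.group(0) if code else None,
    }

def failures_by_caller(events):
    """Count event 325 records per (caller, relying party) pair."""
    counts = Counter()
    for xml_text in events:
        rec = parse_authz_failure(xml_text)
        if rec:
            counts[(rec["caller"], rec["relying_party"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in failures_by_caller(SAMPLE_EVENTS).items():
        print(n, *key)
```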

ADFS Deployment Topology/Architecture

We need some advice on the ADFS topology we are planning to deploy; if it will work or not.

Our ADS description

  • Win 2008 R2 based single forest with just the forest root domain
  • AD Forest root domain spans across two AD Sites, each site with a couple of DC's
  • approximately we have 750 users in our AD Domain

Our requirement

  • We have 4 email domains & we plan to move to O365 Exchange service for all the four email domains.
  • we plan to subscribe O365 service for all our 4 email domains
  • We also plan to implement ADFS with WID for SSO
  • we do not wish to provide SSO for users outside our AD Site LAN network. so we do not need a ADFS proxy.

Our ADFS Deployment Plan

  • In AD-Site-1 create a NLB using windows feature on two member server machines & deploy an ADFS/WID farm with an url such as https://one.domainname.rootdomain. Also deploy Dir Sync on another system & then configure SSO
  • In AD-Site-2 create a NLB using windows feature on two member server machines & deploy an ADFS/WID farm with an url such as https://two.domainname.rootdomain. Also deploy Dir Sync on another system & then configure SSO
  • when the AD-Site-1 goes down completely we will switch O365 integration to use ADFS in AD-Site-2

Our Query

  • Is the above topology workable?
  • Can we have two ADFS NLB farms or even two Standalone ADFS instances in a Single AD Domain?
  • will WID database of ADFS Farm one in ADSite1 replicate automatically with ADFS Farm two in ADSite2 ? or will the WID DB of both the farms act independently ?
  • Can we use a single wild card SSL certificates on all our ADFS servers in both the farm?



Separate Authentication per relying party trust.

At our school district we use Office 365 for storage but use chrome books as the device. I have setup ADFS for both entities, however I must use Forms based authentication for google chrome books.  I would like to configure integrated authentication for Office 365 and forms based for google.  Have not found a way to get this done.

Azure Active Directory password reset.!!

Hi All,

User Enabled for password reset is Yes and the user is already registered with the email id and mobile number. However, the password reset feature is not working: when the user tries to reset the password it shows "Your account has not been enabled for password reset". Kindly let me know how to set up the password reset for the user in Azure.

user password reset policy.

Your account has not been enabled for password reset.

Regards,
RajavillageSync

ADFS 3.0 Service fails after enabling relay state

Hi,

We have ADFS 3.0 deployed and working. We have a requirement to enable relay state. The config file that controls this has been updated but when we now try and start the service we get "Error 1053: The service did not respond to the start or control request in a timely fashion".

Removing the entry from the config file the service starts as normal.

To enable we edited the file %systemroot%\ADFS\Microsoft.IdentityServer.Servicehost.exe.config and under section <microsoft.identityServer.web> added the line <useRelayStateForIdpInitiatedSignOn enabled=”true” />

Has anyone come across this before?

Thanks

David
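
A malformed config file is one thing to rule out before restarting the service after a hand edit like the one described above. This is an added example, not part of the original post: it parses a config fragment and reports typographic quote characters, and the fragments are constructed from the line as it appears in the post (whether the file on disk contains the same characters is not known from the post).

```python
# Added example: well-formedness check for a hand-edited .config file.
import xml.etree.ElementTree as ET

TYPOGRAPHIC = {
    "\u201c": "left double quote",
    "\u201d": "right double quote",
    "\u2018": "left single quote",
    "\u2019": "right single quote",
}

# Constructed fragments: the added line as it appears in the post, and the same
# line with plain ASCII quotes around the attribute value.
AS_POSTED = (
    "<configuration>\n"
    "  <microsoft.identityServer.web>\n"
    "    <useRelayStateForIdpInitiatedSignOn enabled=\u201dtrue\u201d />\n"
    "  </microsoft.identityServer.web>\n"
    "</configuration>\n"
)
ASCII_QUOTES = AS_POSTED.replace("\u201d", '"')

def check_config(text):
    """Return (line, column, problem) findings; an empty list means no findings."""
    findings = []
    # Heuristic: typographic quotes usually arrive via copy and paste from a web page.
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if ch in TYPOGRAPHIC:
                findings.append((lineno, col, TYPOGRAPHIC[ch]))
    # Authoritative check: does the document parse as XML at all?
    try:
        ET.fromstring(text)
    except ET.ParseError as exc:
        line, col = exc.position          # column is zero-based
        findings.append((line, col + 1, "not well-formed"))
    return findings

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("ASCII quotes", ASCII_QUOTES)):
        print(name, check_config(text) or "OK")
```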

ADFS auto-renewed token signing certificate and Proxy

I have trouble finding definite answer to the fundamentals of ADFS token-signing certificate when using ADFS generated certificates and ADFS Proxy.

When installing ADFS and Proxy, I need to export the ADFS generated self-signed token-signing certificate and make it trusted on both ADFS and Proxy.

But when ADFS generates new certificates (once a year by default), do I need to manually export the generated certificate again and make it trusted on both ADFS and Proxy?

Is setting token-signing certificate as trusted enough, or should I do the same also for token-decrypting certificate?

Thanks!

PS. This is a cross-post of http://community.office365.com/en-us/forums/178/p/65913/254393.aspx#254393, as I think this forum is the correct place for this question as it is more about ADFS itself than Office 365.

ADFS Federation Trust between two forests with One-Way trust

Hi

I have two forests abc.com and xyz.com. There is one-way outgoing trust from abc.com to xyz.com i.e. users from xyz.com can login to abc.com. I have a non-claims aware application configured in abc.com and users from xyz.com should be able to access it over public internet. There is one ADFS 3.0 farm installed in abc.com network with Service Account created in abc.com and users who have accounts in abc.com can login to the application using ADFS login page. But users from xyz.com cannot login even though they have access. This is because ADFS service Account cannot query the xyz.com forest.

My question is if we install an ADFS farm in xyz.com and then create a Federation Trust between ADFS farms (in abc.com and xyz.com), whether users from xyz.com can access the application?

Regards, Sarath

ADFS - Websphere example

Good Morning,

Is there an example on how to configure Websphere Application Server to use ADFS as web sso (saml)?

Until now, I have not found the exact configuration of the ACS interceptor in Websphere to work with ADFS.

Thanks

Best Regards,

Régis
