ADFS 3.0: suggested approach to implement web SSO & claim-awareness in...
We are adopting ADFS 3.0 to achieve the following on a few existing web applications: Authentication via ADFS 3.0; Web SSO; Authorization based on claims. We'd like to achieve as many of the above goals with...
AD FS SAML logout request results in Requester status code
We are trying to integrate an application login/logout with AD FS 3.0 using SAML 2.0. We have a Spring sample app that we have integrated and have working. While we can get SSO to work, we cannot get...
SamlSecurityTokenHandler.ValidateToken : ID4220
Hi! We're trying to implement some security within a NServiceBus process. So the UI gets a token from the ADFS first. Then, whenever a persistence action is launched, we get the token from the...
ADFS 2.0 SSO The data protection operation was unsuccessful
Hi all, I am using Identity Training Kit for VS 2010 sample Labs\WebSitesAndIdentity\Source\Ex3-FederatingADFSv2 and I have error: Server Error in '/ClaimsEnableWebSite' Application. The data protection...
ADFS 3.0 Internal / External detection (SSO not working for all traffic is...
Hi! I have the following network config: INTERNAL <-> DMZ <-> INTERNET. I have my DC and my ADFS 3.0 Server in the INTERNAL zone. I have my WAP (ADFS Proxy) in the DMZ zone. My ADFS server has...
ADFS + MFA error
Hello, I tried to implement an ADFS+MFA solution, so I am able to log in to Azure Portal with my on-prem users. I got ADFS working alright but whenever I enable Multi-factor authentication (MS Phonefactor)...
Having an issue with SSO when users are trying to go to an explicit link
Here is the scenario I have. We have ADFS doing SAML 2.0 auth for company.servince-now.com, and the landing page is company.service-now.com/navpage.do. Under our old SSO solution a user might get a url...
Passive sign in with sliding expiration
I have a working web app with passive login, custom STS with ASP .NET forms authentication, and relying party services being called by the web app using delegation to act as the signed in user. Basing...
Adding another ADFS server to the farm
Hello, I have been having some problems with our current ADFS server, specifically around directory sync, so I decided to introduce a second server to the farm, get it up and running (with ADFS 2012...
ADFS 2.0 User connection Issues
Hi, my ADFS 2.0 Servers connect to Third Party Agent and my AD user name has changed (Last Name); now user cannot login to the trusted party Web site? Error - 401 Unauthorized Unauthorized You have...
OAuth and ADFS 3.0
Is there a way to accomplish the following: 1> How to revoke an access_token that is granted by ADFS? 2> How to obtain a refresh_token from ADFS? 3> How to revoke a refresh_token that is...
Custom STS as a Claims Trust Provider in ADFS 2.0
Hi. In our proof of concept scenario we are trying to implement ADFS 2.0 (let's call it ADFS 1) federation with Custom STS. I have implemented a simple CustomSTS. This CustomSTS is configured to sign and...
How to select default domain in ADFS 3.0 configuration?
Hello, if I have multiple domains and UPN suffixes in the AD Forest and am planning for ADFS 3.0, how is it possible to select a default domain for users' access in ADFS 3.0 deployment configuration? Let me...
SAML To Bearer Token (access_token)
Hi, I believe there is no way today out of the box to get an access_token from a SAML assertion. Is there a way that we can do some sort of customization in ADFS to achieve this? Thanks, Sandeep
Replacing Token Signing and Token Decrypting ADFS certificates question
I recently replaced our Token Signing and Token Decrypting ADFS certificates because they were about to expire, by using the below commands: Update-AdfsCertificate -CertificateType Token-Decrypting...
SSO for dynamics CRM - issues with ADFS
Dear all, I would like to enable SSO for our dynamics CRM. CRM is configured for claims based and IFD. I also created the Claims Provider Trust and Relying Party Trusts in ADFS but I still receive...
Does Azure AD Authentication Library (ADAL) support WS-Federation passive...
Hello, I have seen that among ADFS-related Microsoft libraries there is Azure AD Authentication Library (ADAL) which I find interesting since it is available on all platforms but based on the examples...
Releasing claims to a specific Relying Party if the user is off-network
Hi all, Thanks for your time in advance. I am on the SAML SP side working with a client using ADFS 3.0 as their IdP. Authentication to the client's ADFS 3.0 is only available while on-network and on VPN....
prevent parameter 'wfresh' alteration
When the Relying Party sends an authentication request with fresh = 0 then the user receives a logon form. The user may change the GET request in the browser to wfresh = 1 and is successfully authenticated without logon...
How to properly setup LB probe for ADFS 3.0 servers
We are facing a problem during ADFS 3.0 (Windows Server 2012 R2), because we do not find a suitable URL for hardware Load Balancer probe to test ADFS nodes. When tried with IE browser, the URL...