active directory federation server secondary node is giving HTTP Error 503
active directory federation server secondary node is giving HTTP Error 503. The service is unavailable. When I try to access the link using the server name...
Signed XML signature verification for SSO SAML (Using sha256)
Hello, Using VS 2008 with .Net Framework 3.5 on Windows 2003 server. We have implemented SSO with SAML for security. We work at service provider end where we validate the Signed XML SAML Assertion token...
AD FS 2.0 vs AD FS 1.x
I am new to working with AD FS, I have experience with LDAP. I am confused by the terminology surrounding AD FS especially since I realized today that most of what I was reading was AD FS 2.0 material. Here is...
ws-federation login url
How to specify a target url like logintorp with ws-federation. As all the request that is sent as logintorp is going as samlrequest. And idpinitiatedsignon.aspx page does not have the ws-federations in...
ADFS v2 service account is exposed to the internet
Hello, The ADFS v2 service account is exposed to the internet via the endpoint /adfs/services/trust/mex. Apparently MS is not admitting that exposing the service account poses a security concern. (you can...
JWT Handler 4.5: WIF10200: GetIssuerName with single parameter is not...
I've just implemented this JSON Web Token Handler for .Net 4.5 library described...
SSO is not working with ADFS
Hi, I am facing an issue with single sign on. I am using ADFS with SharePoint 2010. I have created two web applications on SharePoint. I have configured SharePoint to work with ADFS. On SharePoint side I...
Use (Dynamically) NameID format defined in the SAML request
Hi Guys, I'm in the middle of a SSO project with a service provider and I'm stuck with this issue: We're doing SP-Login and the SP is providing us with 2 distinct URLs. The difference between both is...
AD FS 2.0 failing to issue tokens when running as a domain account
I installed a standalone AD FS 2.0 server running as NetworkService. I switched the service to run under a domain account since I have not gotten anywhere with my previous post:...
SP initiated connection failed due to invalid nameid policy
SP initiated connection and when the user clicks the sign in link and the request gets redirected to the IDP login page. After the user authenticates the page gets directed to the partner saml assertion...
How do you get ADFS usage statistics?
Hi, I'd like to get some figures of ADFS usage, for example how many authentications I get for each RP over time. Has anyone ever done this? Thanks, LB
azure acs, windows phone, refresh token
Phone samples show the rstr from wsfedp being stored in per app phone memory. Should the embedded swt expire (making it useless as a http bearer header for passing guards on some api endpoint), the idea...
Session management in ADFS 2.0 and sharepoint 2010
Hi, I have set up the Token Lifetime as 10, Web SSO Lifetime as 8 (on ADFS server) and LogonTokenCacheExpirationWindow as 2 minutes (on SharePoint server). As per my understanding after 8 minutes of idle...
Can't redirect back to website page from ADFS
Hello, I have a WIF web application integrated with ADFS. I can redirect to ADFS when logging in to the website. But after ADFS authentication, the page doesn't redirect back to WIF web page, it still stays at...
ADFS 2.0 export relying party trust metadata to xml
Is there a way to export the metadata of existing relying party trusts in ADFS 2.0 database to XML like FederationMetadata.xml? That is, the root element of the xml is EntityDescriptor and it can be...
How to access register or sign up page when applying ADFS?
Hello, I have a WIF web application integrated with ADFS. It works fine to redirect to ADFS when accessing the web page, then redirect back after authentication. But every time when accessing the web page,...
How to handle when an AD-FS token is expired?
There is a lot of information around AD FS and several suggestions that involve playing with the TokenLifetime, Freshness, and WebSSOLifetime settings. Are there any best practices when it comes to...
Single sign on, login and logout in ADFS 2.0
Hi all, I have a problem with ADFS. I cannot implement relogin and logout in a Silverlight app connected to ADFS. So I try to use ClaimsIdentitySessionManager.Current.SignInUsernameAsync for login and...
ADFS 2.0 Sign Out Problem
I am working on a demo which uses ADFS 2.0 as identity provider. All is working fine except for log out functionality. The following is the code I am using to log out the user: Dim url As String =...
wsignoutcleanup1.0 in Windows Identity Foundation for multiple Relying Parties
Hi, When using STS with multiple relying parties, the STS has to send the "wsignoutcleanup1.0" to each RP as a "Get" request. I have this implemented by tracking the RP's and sending this request to...