Auto-Logout / AD FS / IIS7 / Claims Based Authentication - Cookies not expiring
All, Good day. I am currently on a project that is creating a web application that uses AD FS for authentication. We are using claims based authentication and it's an ASP.NET application. The relying...
Empty actor and claims in WS-Trust delegation token
So, I'm working on implementing a .NET 4.5 version of the explicitly-managed ActAs token scenario as described on pp. 181-182 of Vittorio's Programming WIF book, and as demonstrated here by...
Default token lifetime for relying party trusts?
I have found conflicting information on the net about what the default value is for TokenLifetime for a relying party trust in ADFS 2.0. This...
Integrating ADFS with ACS
Hi, I'm using Windows Server 2012 R2 to host my ADFS platform. I have configured Azure ACS to interact w/ ADFS, and am in the process of working the SSO Windows Integrated Authentication in the mix. I...
How to decode the SAML request
Hi All, I am trying to integrate Salesforce.com with AD FS 2.0. Both AD FS Idp and Salesforce SP links are working fine. I need to do a few customizations on ADFS login to display client company logo. For...
Event ID 133: During processing of the Federation Service configuration, the...
ADFS 2.0 installed on server 2008 R2. I configured ADFS with a wildcard certificate and if I remember correctly I was able to test the url in a browser and got an XML response. Now I wanted to continue...
Claim Rule Language Syntax - Query sAMAccountName,userPrincipalName by...
Hi, I am having trouble getting the syntax right to query the samAccountName and userPrincipalName. I have the objectGUID provided as a string from an external database, but the samAccountName &...
Safari cookie size limitation update in Windows Server 2012 R2 ADFS?
Hi. As discussed at length in the "ADFS 2.0 Web SSO not working in current versions of Safari for Windows or iOS" thread, the pre-Windows Server 2012 R2 ADFS sometimes creates cookie data to track...
Getting the User Object with Identity Model
So, I've been pulling my hair out trying to get the user id out of my application. I'm using the Visual Studio 2013 Preview for Web. I know back in the day, you'd call the Membership object and get the...
ADFS 2.0 SQL DB failover - how does it work?
I have configured an ADFS 2.0 farm with three web servers, two in the main site and one in our DR site. I will be using an f5 to do network load balancing across the three web servers, and for the...
WIF - RSAEncryptionCookieTransform.Encode throws InvalidOperationException on...
I am using Thinktecture Identity provider for Claims Based Identity Validation. Thinktecture in turn uses Identity Model to issue tokens. When I enable FIPS mode through GPO, I have got the below error...
What happens when a user does not meet requirements of an Issuance...
Hi guys, We have ADFS 2.0 running on 2008r2. We are about to change an ADFS-SAML connection with one of our relying partners so that only users from a specific internal AD group will be allowed to...
ID4291: The security token...
We have a website protected by WIF which all works until I go to a specific subdir. I get the error ID4291: The security token 'Microsoft.IdentityModel.Tokens.SessionSecurityToken' is not scoped to the...
ADFS 2.0 Sign Out Problem
I am working on a demo which uses ADFS 2.0 as identity provider. All is working fine except for log out functionality. The following is the code I am using to log out the user: Dim url As String =...
Using Code-Signing Cert with SHA256 Signature and Signature Hash Algorithms...
I have a client who implemented an ADFS 2.0 farm, initially for use with O365. The third-party code-signing certificate uses SHA256 for the Signature Algorithm and SHA256rsa for the Signature Hash...
IE requires "Down-Level Logon Name" format?
Good day. We have set up a Relying Party Trust and all is working fine for authentication to the partner website. However, I'm getting varying behavior during authentication depending on the browser,...
lync wstrust behaviour differences
Does lync on windows phone use the same assertion minting design as lync on windows? (Targeting lync online) In both cases, lync pushes bearer tokens from ipsts to an msol rpsts, which delivers...
claimTypeRequired in a WIF 4.5 app
I've built an ADFS 2.0 server and used sample code to get a claims aware app using WIF 4.0 in VS 2010. The Add STS Reference command sorted everything out for me and it worked: I saw a list of claims...
Tips on using CertificateWSTrustBinding and...
Is anyone using CertificateWSTrustBinding with SecurityMode.Transport, and/or SecurityMode.TransportWithMessageCredential, for manually requesting tokens from WSTrustChannelFactory? I can't seem to...
ADFS 2.0 does not redirect back to 'reply' url on signout
I'm having a problem with ADFS 2.0 not redirecting back to the url in the wreply parameter. I'm using the form login page (authenticationType="urn:oasis:names:tc:SAML:1.0:am:password"), if that...