ADFS integration with SiteMinder, Event ID 147
I am trying to integrate a client with SiteMinder into my ADFS, but ADFS is throwing Event ID 147 when it receives the token. http://technet.microsoft.com/en-us/library/ff641740(v=WS.10).aspx The client...
Using Code-Signing Cert with SHA256 Signature and Signature Hash Algorithms...
I have a client who implemented an ADFS 2.0 farm, initially for use with O365. The third-party code-signing certificate uses SHA256 for the Signature Algorithm and SHA256rsa for the Signature Hash...
How can I authenticate for one ServiceProvider site, and then no...
We use ADFS 2.0 to access ServiceProvider sites. If I go to the ServiceProviderSite#1(SPI), it will redirect me to ADFS and I authenticate and then get connected into that site. That works fine and I...
Event 111 and 364 when testing ADFS on Server 2012 R2
I have deployed a new Windows Server 2012 R2 Standard server on-premise in anticipation of deploying SSO between Office 365. I have enabled the AD FS Role on the 2012 R2 server. The installation...
CNAME Record and SSL Certificate for ADFS 2.0
We're implementing a SAML 2.0 solution for a customer, where they are going to use AD FS as the IdP. The users will access a website which is located in the cloud but they are only going to use it...
Modify ADFS Claim for UPN
Hello, I'm curious if it is possible to transform ADFS 2.0 claims around UPN. I need users to log into ADFS without their UPN. So, the user would log into the ADFS portal with an Active Directory...
Retrieving SAML token from ADFS programmatically
Hi guys, We have an ADFS installed in our domain, one of our WCF services (within the domain) needs to make a call to the ADFS to authenticate a user against the AD. I need to do this programmatically and...
Using claims in a cross-domain environment to talk to on-premise service bus.
I'm currently working on a project where we are building a virtual environment to be installed at customer sites who have no internet access. Our domain in our environment houses an AD, ADFS,...
ADFS does not redirect to RP after authentication
ADFS does not redirect to RP after authentication. http://social.msdn.microsoft.com/Forums/vstudio/en-US/7ee81985-b791-46a7-a4b7-250ad7c4bd38/sts-does-not-redirect-back-to-rp The above link is a...
Logout not working for SAML partners, unless I close the browser. Works fine...
Hi guys, We are running ADFS 2.0 on Win2008r2. We have (3) Relying Partners and everything works fine with them, however we have noticed one issue. When we logout from our partner that uses...
Header for Lync to use on ADFS Claim Rule
Hi, Does anyone know what headers are available for Microsoft Lync, which I then want to use in an ADFS Claim Rule? For example I know the following exist for Outlook / Exchange, but can't find anything...
ADFS Proxy with Client Certificate Authentication
Hello All, I am testing an infrastructure with an AD FS Proxy in a DMZ, and an internal AD FS Server: AD--A--FW--AP--FW--I--C (AD=Active Directory, A=AD FS, FW= Firewall, AP=AD FS Proxy, I=Internet,...
Setting AuthnRequestsSigned="true" in ADFS 2.0's FederationMetaData.xml
I'm configuring a third party claims provider in ADFS 2.0. The third party provider requires WantAssertionsSigned and AuthnRequestsSigned set to true. I have configured ADFS and can see that...
ADFS redirect loop issue
I have a customer that uses ADFS to connect to my SAML server. Everything was working fine for months and then the customer told me they were getting signing errors. I had them re-load my metadata...
ADFS 2.2 (2012 R2) Design for Internal FBA
So, in short, I'm looking for a way to use the web application proxy servers while the DNS record the client sees for the ADFS servers points at the internal farm servers. Currently this just throws an...
ADFS Authorization Rule
Hello, I need an Issuance Authorization Rule that will only permit a user if he is a member of a specific domain AND is a member of one of our groups whose name starts with COA_ADM. All others should be...
Encountered error during federation passive request.
I am configuring ADFS for CRM 2011. I am getting to the forms based login page, login using valid credentials, and then receive the below error msg in the AD FS 2.0 admin log / event viewer. I am...
ADFS - Second site issue
We have an ADFS farm set up with 2 ADFS servers, and 2 ADFS Proxy Servers in 2 different Geo-locations. Location A: Read/Write DC ADFS Server Farm Master ADFS Proxy Location B: Read-only DC (RODC) ADFS...
Restrict access to certain trust
I know there are some federation trust specific settings for each trust in your ADFS environment (such as choosing to decrypt tokens or not for example). I was wondering if there is a way to restrict...
The ICrypto implementation '' is not supported
I'm getting the error "The ICrypto implementation '' is not supported" when calling a WCF service using ws2007FederationHttpBinding. The token being passed was generated from a custom STS. This is all...