SessionSecurityTokenHandler error - "Unable to update the password....."
I was trying to run my claims enabled asp.net app using the default DPAPI based SessionSecurityTokenHandler and encountered this error at signin: [CryptographicException: Unable to update the password....
ADFS Authentication using Multi valued attribute (mail).
Hi All, Usually users can sign in to AD FS enabled applications using UPNs or domain qualified sam-account names (contoso\johndoe or contoso.com\johndoe). We have a requirement where we want our users...
SP Initiated when AuthnRequest has ForceAuthn="true" is not working
Hi, SP initiated works fine when I do not specify ForceAuthn="true" in my SAML Request (AuthnRequest). However, I want to force users to re-authenticate themselves at IDP and ignore the session...
vs2013 WIF: missing "Update federation metadata" menu item
Greetings, Vs2013 is missing two WIF (Windows Identity Foundation) menu items when we right mouse click a Web Site project in Solution Explorer: 1) "Add STS Reference ..." is missing but the workaround...
ADFS - Cannot edit documents in Office365
ADFS3 rollout has been pretty disastrous so far - lots of errors which neither ourselves nor Microsoft can resolve. Hoping someone can help on the latest issue though: When we try to edit documents in...
Does SharePoint Server 2013 Enterprise edition support SAML 2.0 protocol
ADFS is planned to be set up as Relying party (RP STS) and accept the token SAML 2.0 from Third party Identity provider (Idp STS) Adnovum. But as per SAML 2.0 implementation, there is no documentation...
I want to add processing after the authentication of AD DS.
Hi. My environment is ADFS 2.0/3.0 and VS2012. I want to log an authentication result by using the original-API (.NET). Can original-API be called between completion of authentication of AD DS, and the response...
AD FS rights to standard file share
Environment = We have 2 independent domains (A and B). Neither one of the domains wants to use trusts, in fact domain A has a policy that they only allow other domains to use its credentials through...
ADFS certificate authentication - can't login with certificates not...
Hi, I can't login via ADFS using client certificates that do not contain the UPN of the user in AD (e.g. user1@domain.com). I can login with a certificate that has the value 'Principal...
ADFS3, How to set the MSISIPSelectionPersistent cookie to expired
Is it possible to programmatically expire the MSISIPSelectionPersistent-cookie created by an ADFS3 Home Realm Discovery Page? I’ve tried a custom theme/onload.js, but the cookie is flagged...
How to use ADFS 2 to centralize logon - Google Apps and OWA
Hi all! I'm trying to implement a solution to centralize the signon process on our e-mail services. My scenario is the following: We're a university and we use google apps and exchange 2010 as our e-mail...
NOT FOUND (404) respond for SAML2 Logout Message
I have ADFS server as an IdP and I am building separate SP application using Python Django and PySAML2 library. My SP application is defined as relying party on ADFS side. SSO over SAML protocol is...
Custom Issuance Transform Rules using regex -
I am trying to create custom claim issuance transform rules using Regular Expressions which GETS a user's email address and sends just the email domain for that user. The SAML Service Provider is...
ADFS 2012 R2 : Form Based authentication fallback when IWA fails
Dear All, We have a Windows 2008 R2 ADFS Farm. We have done some asp.net customization, in order to make the service more user friendly. Especially, we added some buttons on the FormSignin.aspx page, to...
WS-Trust, JWT Token errors with ADFS 2012 R2 / WAP for workplace join/DRS
Hello, I have a fresh Internet accessible lab 2012 R2 ADFS / WAP setup using the best practices (other than HA) as defined on the TechNet pages and such. I am having some errors and workplace join...
Active Directory Federated Services - X-Frame-Options DENY
Redirecting question here from as suggested We have a family of products that do intranet single sign on using ADFS. We recently set up an AD FS 3 to verify compatibility. All protocols and token formats...
Client Authentication certificate not working in ADFS3.0
Hi, I am currently working on integrating ADFS 3.0 for Single Sign On to some 3rd party services along with PKI solution. The basic requirement is that I should be able to choose client authentication...
SAML security - WebServices
Hi, I need to create a SAML Request to security WS (ASMX or WCF) shared in client service. Is there any simple way to create such request in C# using SAML protocol. At the beginning I found some...
ADFS 3.0 - Limit external access to only the Office 365 web applications
Hello all, I've been working with a customer to implement an ADFS rule set to limit external access to Office 365 to web applications only, so no Outlook or Lync client configuration is possible. I've...
Windows 2012 R2 change URL for ADFS
Previously posted this question in the following location: Windows 2012 R2 change URL for ADFS question Followed this article (below) to change the URLs and cert for ADFS and it still wants to go to the...