The issuer of the token is not a trusted issuer
Hi, I have a problem in authorization saml token to sharepoint. I've got error like below: The issuer of the token is not a trusted issuer. Description: An unhandled exception occurred during the...
Get authenticated User SID from ADFS 2.0
I have configured federation authentication and everything is working as expected. I am able to get all the user information like display name, department name, email etc. Now I want the SID of user...
Simple - Service Communication Certificates
Hi, I'm new to Claims Based Authentication and come from a SysAdmin background. Looking at providing ADFS 2 as an IdP to provide Single Sign On services to a 3rd party cloud app which supports SAML 2....
Help with replacing the token signing and token decryption certificates
Hello clever ADFS people. Both my token signing and token decryption certificates expire in around a month. The current certs are self signed and auto certificate roll over is disabled (I created them...
ADFS Relying Party Trust / Claims Provider Trust?
In ADFS 2012, you can configure Relying Party Trust or Claims Provider Trust. What is the difference between these two? When should each one be used? How is the federation metadata different between...
Custom Claim Rules - How to write domain name into outgoing claim?
Hi, I created a custom rule that outputs the sAMAccountName of an AD user based on a nameidentifier claim value that is sent inside a SAML Assertion to the AD FS 2.0 STS. The sAMAccountName itself is...
How to add or modify claims correctly in ValidateToken
Hi, we have a ValidateToken method in Saml2SecurityToken handler which returns ClaimsIdentityCollection and I would like to change claims type as below: public override...
ADFS Deployment Topology/Architecture
We need some advice on the ADFS topology we are planning to deploy; if it will work or not. Our ADS description: Win 2008 R2 based single forest with just the forest root domain. AD Forest root domain spans...
WIF 4.5 encryption cert question (optional vs mandatory token encryption)
When you specify an encryption cert in web.config, does WIF require that all incoming tokens are encrypted with this cert or does it just specify that if a token comes in encrypted, this is the cert...
Problem with modification of SAML string
Hi, I have a problem with modification of SAML xml in this way, that when I use f.ex replace method or something like this in C# based on string which contains XML saml then after that I got...
Azure management portal and ADFS
Hi, I want to implement ADFS 2.0 with the Azure management portal using on-premise AD accounts. Has anyone got any detailed documentation on how to set this up? For example do I need to deploy AzureAD?...
ADFS 2.0 related Queries
Hello Everyone, We have recently setup ADFS 2.0 Farm (2 Servers) with SQL setup. We are using ADFS for 2 applications (Cisco Webex) hosted within the corporate network and for a Cloud based Application...
Troubleshooting MSIS7015 with Reflector - where to start?
Hi all, I've been trying to deal with the dreadful MSIS7015 error while configuring ADFS SP for SAML2 IdP (SiteMinder). After browsing related topics on this forum, I've got the idea that the best way to...
ADFS 2.0 Windows Service will not start on Server 2008 SP2
Hello, I'm attempting to follow the "AD FS 2.0 Federation with a windows identity foundation application step-by-step guide" (...
How to write saml token to XML without SubjectConfirmationData
Hi, I would like to serialize saml token to XML and I am using that code: if (handler.CanWriteToken) { var sb = new StringBuilder(); handler.WriteToken(new XmlTextWriter(new StringWriter(sb)), token);...
ADFS 2.0 - client ip address
Does anyone know if it is possible to embed the client IP Address into an ADFS token please? If so does anyone have any pointers as how to do this? Many thanks Simon
Does not redirect to IdP
Hi all, this is my scenario: 1) Web Application - https://adfs01/app/default.aspx - DomainA - (sets as Relying Party on ADFS01) 2) ADFS01 - https://adfs01.domainA.local - DomainA - (sets as Relying...
ADFS error / MSIS8108: Authentication failed.
Setup ADFS 2012 with ASP.NET MVC web app as a relying party trust in hopes of getting relying party initiated SSO going so that our internal active directory users can use our web app with their...
commercial idp integration?
Anyone integrate their WIF app with Ping or Okta? Was it easy/difficult?
ADFS 2012 trust / cert questions
How does ADFS decide whether to trust a given WSFederation signin request and post a token back to my passive token issuer? Is it the entity id from federation metadata? Does the entity id get used...