Authentication type requirement of 'urn:oasis:names:tc:SAML:1.0:am:password'...
Hello everyone. We have this .NET application called "appName.contoso.com" running on IIS and using WS-Federation for authentication with our ADFS 2.0 CU2 farm. Since the application owner wants users to...
Rename "Active Directory" Claims Provider Trust
I can create a new claims provider trust and rename it to whatever I want. But the default Active Directory CPT is not editable. The properties are blocked. I'd like to rename what shows up in the ADFS...
Cannot install Windows-Identity-Foundation
Hello, I've tried to install "Windows-Identity-Foundation" feature, but without success (OS is Windows 8.1 Professional). I cannot find this feature in the UI (ControlPanel -> Programs&Features...
ADFS proxy unable to configure
Hello, I have installed web proxy but while configuring the following error is coming "An error occurred when attempting to establish a trust relationship with the federation service". I have...
Can I obtain access token from ADFS 3.0 based on OAuth ACS-token that I...
Hello! I have the following setup: iOS device, ACS/WAAD is IDP and ADFS 3.0 as RP, securing access to WIF web service. I want iOS application users to be able to access ADFS-protected web-service. I have...
ADFS 3.0 Issuance Auth. Rules and SP-initiated signon
Hi all, I've an ADFS 3.0\2012R2 farm and I'm trying to implement some issuance authorization rules on a SAML 2.0 RP. The rules I'm implementing are; if you are on the LAN and you are member of a group1 you...
urn:mace:dir:attribute-def:eduPersonPrincipalName value to UPN
Hi, I would like to transform the AttributeValue to a UPN: <saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonPrincipalName"...
IDP Initiated signon works, SP initiated signon fails and hangs with "No...
I have a problem with a newly created relying party trust we have setup to a service provider called SuccessFactors (Based on SAP). IdP Initiated signon works great, but when we try SP initiated signon,...
Two Custom UserNameSecurityTokenHandlers in STS
I have WIF STS with custom UserNameSecurityTokenHandler. It works fine, UserNameSecurityToken passed to Validate method of UserNameSecurityTokenHandler. But I want to use two different u\p validations on...
event id 364 and 111 in federation services
Hi, I have a Windows Server 2012 Datacenter with an AD Federation Services 2 and in the AD FS event there are two errors: event id 111 and 364. Two months ago I uninstalled these two patches, kb2843639 and...
ADFS 2.0 does not recognize ForceAuthn=true in AuthnRequest ?
We are running ADFS 2.0 on Windows Server 2012 (on Azure) and noticed that when a SAML Request with AuthnRequest=true was sent it prompted the user for credentials but kept looping back at the...
Token time-out through a federation chain.
I have a RP connected to ADFS and then the ADFS uses federation to go through a chain of R-STS to the IDP. Just wondering what the rules around token time-out are? If the RP token times out it will go...
Server 2008 ADFS 2.0 - SP Initiated requests return HTTP Error 400. The...
I have two SP initiated relying parties that this happens to. These parties both work on my QA servers. When I try in production, I get a generic "HTTP Error 400. The request URL is invalid." The URL...
Adding Server to ADFS 3.0 Farm - Unable to read the AD FS configuration data...
I have a single new Windows Server 2012 R2 server on which I installed ADFS 3.0. My goal is to migrate ADFS content from a version 2.0 standalone server to a version 3.0 farm. I am attempting to add...
Use the same certificate for Token Signing and Token Decryption in ADFS?
Set up a new ADFS 3.0 farm. Do you recommend to use same certificate from a public CA for both Token Signing and Token Decryption certificate? Thanks in advance! This posting is provided AS-IS with...
ADFS-Office 365 SSO (404 - File or directory not found.) error.
Hello guys, I'm getting a rather strange issue with my ADFS-Office 365 SSO setup. I have an ADFS server in my LAN and an ADFS proxy in my DMZ network, I configured everything correctly and I am able to...
ADFS question: Send LDAP Attributes as Claims doesn't pass email through
Hello, Anyone know why "Send LDAP Attributes as Claims" wouldn't pass the email through for an ADFS connection? Our mail attribute is populated on the user. I do not see the attribute passed in...
adfs claim issue
Dear technet members, Our ADFS 2.0 (Windows 2008 R2) fails to obtain (retain after period of 20 hours) claims for "newly" created users (objects). Our AD has more than 14000 users. We see this in web...
Error when trying to set Organizationalaccountsuffix through...
I'm in the process of migrating from ADFS 2.0 to 3.0 for our Office 365 integration. It has mostly gone over quite painlessly being able to export and import the rules quite easily. However on the old...
System.ServiceModel 4.0.0.0 error continually generated.
Our Windows 2012 R2 ADFS server is now generating the error below. Every 10 minutes the ADFS service account generates this error in the Application event log. Thanks, Gene. A message was not logged....