Questions tagged [adfs]

Microsoft Active Directory Federation Service is an identity federation technology that provides single sign-on access to web services and web applications using WS-* and SAML.

Microsoft Active Directory Federation Service is an identity federation technology that is compliant with industry standards such as WS-* and SAML 2.0. ADFS allows organizations to use claims-based access to web applications/services and provide single sign-on (SSO) access to web applications. As ADFS is based on industry standards, interoperability with third-party federation technology is possible.

The initial version (ADFS 1.0) was shipped from Windows Server 2003 R2 onwards and is available in-box as of Windows Server 2008 R2. The latest version (AD FS 2.0), however, is an out-of-band release that can be downloaded from http://www.microsoft.com.

More details are available from http://www.microsoft.com/windowsserver2008/en/us/ad-fs-2-overview.aspx

Claims-based identity and access is explained at http://msdn.microsoft.com/en-us/library/ff423674.aspx

IT pro-specific content is available from http://social.technet.microsoft.com/wiki/contents/articles/2735.aspx

365 questions
3 votes, 2 answers

Using Shibboleth with ADFS doesn't work

I'm trying to familiarize myself with Shibboleth 2.5.3 and Active Directory Federation Services (tried both 2.0 and 3.0). What I'd like to achieve is having an Apache server authenticate against ADFS as IdP using Shibboleth as SP. For that reason I…
Julian B
3 votes, 0 answers

ADFS 3 WAP Pre-auth error 511 - 364

Very simple setup: 2 ADFS BE servers and one proxy. Application name https://adfsapps.abc.local/ADFSApp1/ (basic claims-aware app). STS URL is STS2.abc.local. If the application is published as Pass-Thru it works fine, but if Pre-Authentication is used…
Rishi
3 votes, 2 answers

Custom AD FS Rule for Office 365 MFA ActiveSync Exemption

We set up Office 365 with our RSA keys, and we are looking to exempt our mobile devices and Outlook from MFA for now. From what I understand we have to form a custom issuance transform AD FS claim rule. I have tried creating one, without…
David Eisen
3 votes, 1 answer

Why is ADFS not passing credentials through with Integrated Windows Authentication?

We have an ADFS 2.0 instance set up. We use it for 3rd party web app single sign-on. Everything works beautifully with the existing app, App1 with SAML 2.0, including IWA pass-through when users are redirected to our ADFS server. I just configured a…
Thomas
3 votes, 1 answer

Sending AD Attributes as AD FS claims to Shibboleth SP Attributes

I have an AD FS claims provider set up and a Shibboleth SP successfully authenticating against it. I am attempting to have the Active Directory attributes sent to the SP. I followed this article to attempt to send the…
OrangeGrover
3 votes, 1 answer

How to configure ADFS 2.0 to send SAML 2.0 token when using WS-Federation

I have a related party application that can accept SAML 1.0 and 2.0 over WS-Federation. I configured my claims and trust relationship manually and everything works as expected. I inspected the token being passed and realized it is SAML 1.1 token.…
Sebastian K
3 votes, 1 answer

ADFS Claim to Flatten Groups and Return full DN

Is there a way to create a claim that will return the DN of all groups and super-groups a user is a MemberOf? Currently running Windows 2012 R2 ADFS. Example: I have a structure of groups like the following. GrandparentGroup ParentGroupA…
3 votes, 1 answer

ADFS 3.0 load balanced reverse proxy options

We are deploying ADFS on Server 2012 R2. Microsoft recommends a minimum of 2 ADFS servers, and 2 servers running the web application proxy role in the DMZ. My question is: We already have in place 2 Apache reverse proxy servers in the DMZ running…
Brandon
3 votes, 3 answers

ADFS and relying party token-signing certificates

I haven't quite gotten the grasp of relying party token-signing certificate's functionality with ADFS 2.0 / 3.0. Once the automatic self-signed certificate roll-over occurs (by default), there are scenarios where you have to manually deliver the new…
lapingultah
3 votes, 1 answer

ADFS 2.0 and Shibboleth SP 2.5.3 - Unable to locate Metadata

I am attempting to use Shibboleth SP (64-bit on Windows Server 2008 R2) to authenticate with ADFS 2.0 (64-bit Windows Server 2008 R2). When I browse to the Shibboleth protected site, I get a 500 error with the following in the Shibboleth native_warn…
OrangeGrover
3 votes, 1 answer

ADFS fails to authenticate specific user -- throws ADAccountLookupException

Note - I've actually already solved this, but I don't see any detailed write-ups online about this issue so I'll go ahead and ask the question and answer it myself. I run a service that authenticates as SMTPRelayUser that started failing ADFS…
pk.
3 votes, 1 answer

Access Installation Disc from Azure-hosted Windows Server 2012 R2 VM

I'm setting up an ADFS farm in Windows Azure and I need to export the settings of my old farm to import to the new farm. The official documentation on TechNet tells me to use scripts that are located in the media/server_en-us/support/adfs folder of…
pk.
3 votes, 1 answer

SPN settings in an ADFS 3.0 lab setup

I am a developer trying to understand authentication with ADFS (2012 R2), so I am trying to set up an ADFS lab. I have found 2 guides: doc1 - http://technet.microsoft.com/en-us/library/dn280939.aspx doc2 -…
itaysk
3 votes, 2 answers

ADFSv2.1 redirect infinite loop

I'm trying to set up an ADFS server in a lab to test out the federation authentication mechanism. I'm following this guide: http://www.syfuhs.net/post/2010/08/13/Installing-ADFS-2-and-Federating-an-Application.aspx up until the part when they create…
David Lay
3 votes, 3 answers

Does ADFS work with SSL offloading?

Does ADFS work with SSL offloading? I've only seen ADFS with SSL certificates on the web servers, and we know it requires SSL. But does this requirement mean it must be all the way through to the servers?
user2722403