Questions tagged [adfs]

Microsoft Active Directory Federation Service is an identity federation technology that provides single sign on access to web services and web applications using WS-* and SAML.

Microsoft Active Directory Federation Service is an identity federation technology that is compliant with industry standards such as WS-* and SAML 2.0. ADFS allows organizations to use claims-based access to web applications/services and provide single sign-on (SSO) access to web applications. As ADFS is based on industry standards, interoperability with 3rd-party federation technology is possible.

The initial version (ADFS 1.0) was shipped from Windows Server 2003 R2 onwards and is available in-box as of Windows Server 2008 R2. The latest version (AD FS 2.0) however is an out-of-band release that can be downloaded from http://www.microsoft.com.

More details are available from http://www.microsoft.com/windowsserver2008/en/us/ad-fs-2-overview.aspx

Claims based identity and access is explained at http://msdn.microsoft.com/en-us/library/ff423674.aspx

IT pro specific content is available from http://social.technet.microsoft.com/wiki/contents/articles/2735.aspx

365 questions
3
votes
1 answer

ADFS v.2.0 transitive trust in a federation scenario

Currently I'm working with ADFS to establish a federated trust between two separated domains. My question is simple: does ADFS v. 2.0 support transitive trust across federated identity providers? And if so, see the questions below. (I'm not talking…
omni
3
votes
2 answers

ADFS 2.0 Farm - How do I perform an immediate sync

We're using ADFS 2.0 on a Windows 2008 server, it's in a farm and has the default polling interval of 5 minutes. We're making a change tonight and would rather sync immediately than wait for the other guy to update, especially as we might be making…
Matt
3
votes
2 answers

How do I run an ADFS Claims-Aware Agent on Windows 7?

I'm trying to create a development environment for a .NET web site but I'm stuck at one point. The authentication for the web site is going to be through ADFS and the development machines we have are Windows 7 machines. The web site is therefore…
Rune FS
3
votes
1 answer

Intermittent OpenID Connect login error in ADFS 4.0

We have a Windows 2016 ADFS 4.0 farm (WID database, not SQL Server) hosted in Azure. We are working with a new OpenID Connect application, and want to use ADFS to authenticate and populate user profiles from AD. The application is using a shared…
RyanM
2
votes
1 answer

ADFS Alternative questions

We had (Before it went belly up) an ADFS server that was simply doing a translation from SAML 2.0 to WSFED (My end point software can not take in SAML only WSFED). My question is, what are the alternatives to ADFS to do this translation. Does…
Nathan
2
votes
0 answers

Lsass authenticates to ADFS on windows login

I am researching a domain user lockdown problem that involves an ADFS. What happens is that anytime a domain user logs into a Windows 10 machine, lsass connects to ADFS to authenticate the user credentials, which in turn tries to authenticate with…
4x6hw
2
votes
1 answer

Why does upgrading to ADFS 2016 throw an error asking for a thumbprint that does not exist in the ADFS farm?

I have a 3 node 2012 R2 ADFS server farm that uses SQL. I am attempting to upgrade the farm to a 2016 farm by following the instructions laid out in this article. All the prerequisites checks pass before I try to join the node. However, after I…
Andy Schneider
2
votes
2 answers

Disable TLS 1.0 and 1.1 on Windows 2012 R2 ADFS and WAP

We have ADFS and WAP environment for publishing internal URLs on which we want to disable TLS 1.0 and TLS 1.1 as the browsers will stop accepting TLS 1.0 from next year July. As per my understanding and reading the articles/blogs from Microsoft/other…
John
2
votes
0 answers

Adfs 3.0 Redirect Uri Length Limit

I'm using ADFS 3.0 on Windows Server 2012 R2. I have an application that uses OAuth2 to request an authorization code and then obtain an access token using that code. The application requires some context in their redirect uri, and sometimes this…
RMD
2
votes
1 answer

Server 2016 ADFS Retrieval of proxy configuration data fails and succeeds

Here's the setup -- 3 servers on Microsoft Azure: Domain Controller (Server 2016) ADFS (using gMSA account) (Server 2016, latest ADFS) ADFS Proxy (Server 2016, latest ADFS Proxy) I'm able to connect the ADFS proxy no problem to the ADFS server,…
cvocvo
2
votes
0 answers

ADFS - Correct way to massively provision relying party trusts for many similar SAML service providers

Let's say I have 200+ sites in the form of: https://site1.example.com, https://site2.example.com I have to deploy an identical SAML configuration for all of these sites. Ideally I would just have a single relying party trust set up in ADFS that…
Dylan
2
votes
1 answer

Authentication of Linux machines over the internet in a Windows only shop

Our company is a Windows shop with Windows Active Directory deployed full time. We have a mix of Windows 7 and Windows 10 machines. I understand authentication of Linux machines when I am inside the company network. I am not sure how the…
2
votes
2 answers

Configuring Shibboleth SAML 2.0 with ADFS 3.0 with Federation Errors

I'm trying to configure ADFS 3.0 and SAML 2.0. Currently, I get this error whenever I restart shibd and httpd. 2016-11-07 12:49:08 ERROR XMLTooling.ParserPool : error on line 1, column 2702, message: grammar not found for namespace…
Franz Noel
2
votes
1 answer

ADFS error during SAML Service Provider Login

I have a Spring SAML Project that has been under development for about a month. I've integrated with ADFS and everything has been working well. I'm getting an intermittent error that is becoming problematic because I have to wait for it to…
2
votes
2 answers

Azure Active Directory with On-Premises Dynamics CRM

I already had this infra working. On Premises: MS Dynamics CRM IFD + ADFS + ADDS On Cloud: Azure AD My problem is now we can only create account in on-premises and sync to AAD once the Azure Domain is federated. Then only those users can log in to…