Questions tagged [adfs]

Microsoft Active Directory Federation Service is an identity federation technology that provides single sign-on access to web services and web applications using WS-* and SAML.

Microsoft Active Directory Federation Service is an identity federation technology that is compliant with industry standards such as WS-* and SAML 2.0. ADFS allows organizations to use claims-based access to web applications/services and provide single sign-on (SSO) access to web applications. As ADFS is based on industry standards, interoperability with 3rd party federation technology is possible.

The initial version (ADFS 1.0) was shipped from Windows Server 2003 R2 onwards and is available in-box as of Windows Server 2008 R2. The latest version (AD FS 2.0), however, is an out-of-band release that can be downloaded from http://www.microsoft.com.

More details are available from http://www.microsoft.com/windowsserver2008/en/us/ad-fs-2-overview.aspx

Claims-based identity and access is explained at http://msdn.microsoft.com/en-us/library/ff423674.aspx

IT pro specific content is available from http://social.technet.microsoft.com/wiki/contents/articles/2735.aspx

365 questions
2
votes
1 answer

What actions in Office 365 trigger requests for new SAML tokens?

We're in the process of diagnosing an issue where our on-premise ADFS servers stop accepting requests from the ADFS proxy servers for short (5m intervals). One behavior that we're having difficulty understanding is that when ADFS stops responding,…
duffbeer703
2
votes
3 answers

ADFS setup with Local AD and Azure AD without Dir Sync

I have local AD and AD on Azure and I have ADFS and ADFS proxy server set up to authenticate users on local AD. I have followed all the steps on the Microsoft site to set up trust between Azure AD and local AD. However it says Dir Sync is necessary in…
udita
2
votes
1 answer

Is it possible to pass SAML assertion depending upon attribute on User?

In Salesforce - ADFS SSO with AD being IdP. With AD 'Username' being SAML User Id; There are two types of users (standard users & portal users) in Salesforce. For SSO of portal users; SAML assertion must contain two more parameters (with hard coded…
2
votes
0 answers

How to configure a different Saml2SecurityTokenHandler for passive federation in ADFS 2.0 .net 3.5

How do I configure another Saml2SecurityTokenHandler (Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler) class for my passive federation on my ADFS 2.0 server? Right now: I'm trying the following configuration:
nicojs
2
votes
1 answer

Why is Kerberos security failing for our ADFS proxy server?

We have a WCF service that uses active federation to authenticate callers via AD FS 2.0 and it's working fine internally. Now we want to expose it to the outside world, so our server team set up a server in the DMZ for the service and an AD FS Proxy…
Rick Liddle
2
votes
0 answers

Using Dynamics CRM Outlook client for non-Active Directory users (Active federation with ws-trust)

I am experiencing challenges logging in to CRM from the Outlook client when the user does not reside in Active Directory. Some of our CRM users do not have Active Directory credentials. Instead they log in to an IBM WebSphere environment using LDAP…
colivier
2
votes
1 answer

Using O365, ADFS, not using DirSync/FIM, what value should immutableId be for ADFS to assert right?

ADFS 2.0 asserts the immutableID value in its SAML assertion during Federation attempts with Office 365. The ImmutableId is specified at object create time in Office 365. If you use DirSync, the objectGUID is used. If you have many AD forests…
geoffc
2
votes
2 answers

ADFS 2.0 Proxy Server Vs. Opening ADFS Server to public

We are working on deploying ADFS for SSO with o365. We have a consulting firm that handles our firewall configuration. Today, while attempting to get them to set up a DMZ for me to install my ADFS proxy server, the consultant attempted to convince…
Matt Bear
2
votes
1 answer

ADFS 2.0 and Dynamics CRM 2011 SSL for what domain?

I have read that the best practice for an IFD Dynamics deployment is to use ADFS2.0 and lock it down with a wildcard SSL Certificate. The domain name I want to use for the Dynamics deployment is not the same as my Active Directory forest. I want…
bakesale
2
votes
0 answers

ADFS acting like it has a Relying Party Identifier blacklist?

In our development environment, we're having a problem with our configured Relying Parties in ADFS 2.0 that is baffling me. It's acting as though there is a blacklist of identifiers. We have 3 developers developing against this right now (new…
Jaxidian
2
votes
3 answers

Bind ADFS 2.0 service to a specific IP address

I have one server with ADFS-2.0 and a few websites on it. One of the websites is Dynamics CRM which listens on a specific IP address on port 443. Dynamics CRM provides a metadata file for configuration purposes which could be used to configure a…
2
votes
2 answers

Adding an RP to ADFS 2

I'm trying to add a Trusted Relying Party using the ADFS 2 wizard. My dev site (IIS hosted) has an HTTP binding at port 61080 while the HTTPS binding is on port 61443. I've got a self signed .PFX certificate for SSL. The ADFS 2.0 server is a Win2K8…
abjbhat
2
votes
0 answers

Single Sign on (SSO) not working on Firefox

Could it be that Firefox doesn’t support all Windows NTLM SSO scenarios on a SharePoint site via ADFS? Login attempts into the SharePoint site just get stuck on the login page and nothing happens afterwards… I enabled Windows SSO GPO, not sure if that…
john zuh
1
vote
1 answer

ADFS 2019 OAuth Access Token Lifetime

Is it possible to change the access token lifetime in ADFS? I have an Application Group configured that issues tokens perfectly fine. I just want to know if I can somewhere change the lifetime of access and refresh tokens you get via OAuth. Only…
Thomas Lazar
1
vote
0 answers

Add sub claim to access token in AD FS server 2019

I'm trying to figure out how to add the sub claim to the access token issued by AD FS server 2019. It is not included when I look at the contents of the token. The goal is to have a unique ID per user we can use when storing values in our…
ptf