Questions tagged [adfs]

Active Directory Federation Services (ADFS for short) is a standards-based web single sign-on federated identity service that implements claims-based authentication across forests. There are multiple versions: ADFS 2.0 on WS2008/R2, ADFS in WS2012 (also called 2.1), ADFS in WS2012R2 (also called 3.0) and ADFS in WS2016 (also called 4.0).

ADFS provides authentication services for applications over standard protocols. We typically refer to these apps as claims-based applications. Claims-based authentication is the process of authenticating a user based on a set of claims about its identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. Claims are essentially attributes derived from Active Directory, an LDAP or SQL server.

In ADFS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including its identity.

On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.

The latest developer-oriented information can be found at the links below.

AD FS OpenID Connect/OAuth Concepts https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-openid-connect-oauth-concepts

AD FS OpenID Connect/OAuth flows and Application Scenarios https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios

2074 questions

ADFS authentication with windows credentials

For an existing ASP.NET MVC app that connects to ADFS, we would like to be able to use the OS Windows user credentials to automatically authenticate against ADFS. Do you have any suggestions for how this can be achieved? I really appreciate any input.
Marius B.

How to log in to Windows with an LDAP account by using ADFS

I have an OpenLDAP server in the company for user authentication. We also have ADFS 2016 installed, and configured AD FS to authenticate users stored in LDAP directories. I can log in to the webpage with both an LDAP account and an AD account, and it works well. But…
ks.zhang

Can WSO2 IS offer an ADFS-compatible IDP?

Can WSO2 IS offer an ADFS-compatible IDP for federation of 3rd party apps requiring ADFS - without actually using Active Directory or Active Directory tools?
Tom

How to get client_id value in ADFS Issuance Transform Rule

I am implementing a client credentials grant in ADFS 3.0. This works based on the scenarios and developer examples. I want to add an issuance transform rule that uses the client_id to look up extra claims in a custom SQL attribute store. c:[Type ==…
stombeur

ADFS 3.0 relying party token signing certificate

Using VS2017 I created a new MVC application. Authentication was set to work/school accounts using on-prem ADFS server. The VS wizard asked for ADFS metadata and relying party's URL information, which I entered. On the ADFS side I configured a…
joym8

How to configure ADFS Endpoint Response URL using XML

I'm trying to add a relying party trust to ADFS by importing an XML file. This works great but I can't find the correct entry to add the Endpoint's SAML logout Response URL field. In other words, I'm trying to find the match for the red rectangle in…

Sitecore 9: how to establish claims-based Active Directory authorization

In Sitecore 9, I am trying to set up claims-based Active Directory authorization (ADFS). What is the difference between using only Active Directory and using Active Directory with ADFS (claims-based)? How do I set up claims-based Active Directory authorization (we have ADFS…

How to import a certificate for an Azure app service using PowerShell

A marketplace app in Azure is installed as an app service. For claims based authentication to work the app requires the ADFS token-signing certificate be installed on Local Machine > Trusted People store. But there is no feature like that in Azure…
joym8

Create React App - ES6 and Passport.js

We are using Create React App for building our web application. We would like to integrate our Create React App with Passport.js. I am having a hard time integrating these two considering my app uses classes and passport.js does not follow the same…
user25010

Custom claim rule in ADFS

We have a claim rule in our ADFS in order to send a user's email address as NameID: c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"] => issue(Type =…
a b

ADFS not returning domain groups (Also odd issues with get-aduser)

I am trying to help someone troubleshoot an extremely odd AD\ADFS issue and am about out of ideas. We are using ADFS to return the security groups (among other things) that a user belongs to. If that user has a specific group, then we grant them…
Spartenos

AD FS 2.0 Event 206: "The Federation Service could not fulfill the token-issuance request"

I am getting a strange error from ADFS 2.0 event Log as follows: "The Federation Service could not fulfill the token-issuance request because the relying party 'https://my-relying-party' is missing a WS-Federation Passive endpoint address. Relying…
Joshua

Is it possible to use a custom certificate for federated single sign-on in Azure Active Directory?

We're trying to set up a generic SSO solution, and we want it to work with Azure ADFS. The requirement that's causing the problem is that we need the SSO provider to use our own certificate, not one generated by the provider itself (in this case,…
Jamie Burns

Test AD credentials with Java using ADFS

I would like to produce Java code that could attempt to check the validity of a domain username/password pair against ADFS. I was given a URL to a federationmetadata.xml (apparently it is ADFS 4.0 - 2016). I don't want SSO nor a fancy login page, I…

ADFS check wrong credentials by exception

This is the simplified code I use: var endpointAddress = new EndpointAddress("https://test/adfs/services/trust/13/usernamemixed"); var binding = new Binding(); var endpointReference = new EndpointReference("test"); …
Snorlax