Questions tagged [adfs]

Active Directory Federation Services (ADFS for short) is a standards-based web Single Sign-On federated identity service which implements claims-based authentication across forests. There are multiple versions: ADFS 2.0 on WS2008/R2, ADFS in WS2012 (also called 2.1), ADFS in WS2012R2 (also called 3.0) and ADFS in WS2016 (also called 4.0).

ADFS provides authentication services for applications over standard protocols. We typically refer to these apps as claims-based applications. Claims-based authentication is the process of authenticating a user based on a set of claims about their identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means and that is trusted by the entity doing the claims-based authentication. Claims are essentially attributes derived from Active Directory, an LDAP directory or a SQL server.

In ADFS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including its identity.

On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.

The latest developer-oriented information can be found at the links below.

AD FS OpenID Connect/OAuth Concepts https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-openid-connect-oauth-concepts

AD FS OpenID Connect/OAuth flows and Application Scenarios https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios

2074 questions
15 votes, 4 answers

Claim auth from ADFS

I try to connect to a SharePoint Online instance via a WPF application. I have found this article that describes a possible solution but the problem is that the specific instance has an Active Directory Federation Services (ADFS) in front and I don't…
jwillmer
14 votes, 1 answer

Using AWS Cognito and AD FS as authentication for a web app

We are currently building a web app using a full serverless stack on AWS. So far we have been very successful using AWS Lambda, AWS DynamoDB and Cognito User Pools. This application is intended to be an enterprise application and one of my clients…
bteres
14 votes, 2 answers

Including SAML2.0 token in WCF service call without using WIF

I'm trying to set up a WCF service protected by ADFS. I'm currently able to request a token and send it with the request using WIF and Thinktecture IdentityModel 4.5 with the following code: static SecurityToken GetToken() { var factory = new…
Wouter Roos
13 votes, 2 answers

InvalidNameIDPolicy working with ADFS

I have many clients that use SSO, for that we use SAML 2. Many of my clients use providers like Okta, PingIdentity and a bunch of them ADFS. Doing the integration with ADFS always at the beginning raises this error when they came back with the…
wcpaez
12 votes, 3 answers

Is it a bad practice to put external users in Active Directory?

We have an existing Web application and we want to migrate from a custom authentication solution to Active Directory Federation Services so that our partner organizations can manage the authorization of their users on their side. Right now the site…
Bret Walker
12 votes, 1 answer

LDAP vs ADFS Single Sign On

I work for a company that offers a SaaS solution. We currently allow customers to SSO in using ADFS on their side and we are the Service Provider accepting a SAML assertion. We seem to get a large number of people requesting SSO via LDAP though. …
kickinchicken
12 votes, 2 answers

How can I find out what my 'On-Premises Authority' url is?

I'm setting up a new .NET MVC project and want to use my local ADFS for managing users. I know the IP address of the machine my ADFS is running on and have tried using that for the 'On-Premises Authority' URL, but I got a message stating that it…
Chris Paton
12 votes, 1 answer

URL redirection from ADFS server

I'm using ADFS for authentication in my ASP.net web app. The STS server redirects the browser to https://test.contoso.com. STS doesn't allow any return URL parameter when redirecting the client to STS in the first place. Would it be possible to…
Sam
11 votes, 1 answer

IDX10501: Signature validation failed. Unable to match key

I have a task to authenticate the APIs using ADFS Token which is from an external application, so I have created two applications, one is MVC application let's say A which authenticates using SSO credentials and another one is WEB API…
user3301440
11 votes, 2 answers

SAML2 Metadata - Multiple Signing Certificates

I'm looking at a SAML IdP's metadata and it lists three unique certificates - 2 signing and 1 encryption. ...
Daniel Gatto
11 votes, 1 answer

Redirect loop with .Net MVC Authorize attribute with ADFS Claims

I have a problem configuring ADFS with my .Net MVC 5 app. I have configured my project in VS 2015 to use claims and it works ok, but I have an issue. I can sign in using ADFS, I can check user roles etc. The problem occurs when I try to use…
bunny1985
10 votes, 1 answer

Blazor Server - how to configure for on-premises ADFS Security?

I have an existing Blazor (Server) app addressing .NET Core 3.1 preview 2. I need to retrospectively add on-prem ADFS (not Azure) security. I've been trying to follow Microsoft's Authenticate users with WS-Federation in ASP.NET Core and it's…
DrGriff
10 votes, 3 answers

AWS Cognito - create groups from ADFS as Cognito Groups

An app is communicating via the Open ID Connect protocol with AWS Cognito, which is connected to ADFS, communicating via SAML. Cognito is essentially "proxying" the ADFS server. ADFS holds a group mapping that the app requires, and I would like to…
Tobias Roland
10 votes, 1 answer

Single Sign On implementation in C# using SAML 2.0

For the past week I did a lot of research on the topic of using Single Sign On with SAML 2.0. I have found a lot of good articles and I understand the process of SSO in detail, but I am encountering problems when implementing it in our C# solution with…
mbajer92
10 votes, 2 answers

WS-Federation sign-in Asp.NET 5 MVC 6 ADFS

Hello, so I've been trying to achieve WS-Fed SSO on my MVC6 web application, I've read a bit on authentication and all to identify my requirements. I have to use WsFederationAuth so no oauth nor saml protocol would work for me. Edit : After…
Lomithrani