Questions tagged [adfs]

Active Directory Federation Services (ADFS for short) is a standards-based web Single Sign-On federated identity service that implements claims-based authentication across forests. There are multiple versions: ADFS 2.0 on WS2008/R2, ADFS in WS2012 (also called 2.1), ADFS in WS2012R2 (also called 3.0) and ADFS in WS2016 (also called 4.0).

ADFS provides authentication services for applications over standard protocols. We typically refer to these apps as claims-based applications. Claims-based authentication is the process of authenticating a user based on a set of claims about its identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. Claims are essentially attributes derived from Active Directory, an LDAP or SQL server.

In ADFS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including its identity.

On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.

The latest developer-oriented information can be found at the links below.

AD FS OpenID Connect/OAuth Concepts https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-openid-connect-oauth-concepts

AD FS OpenID Connect/OAuth flows and Application Scenarios https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios

2074 questions
10 votes, 1 answer

ADFS 2.0 Windows 2008 R2 Web API

I would like to make an MVC Web Application that talks to a Web API application and use ADFS 2.0 (on Windows 2008 R2) for authentication. I managed to make the MVC Web Application to authenticate using ADFS. Q: But I don't know how I should federate…
9 votes, 2 answers

401 when calling UserInfo using ADFS 4.0 and OpenID Connect

I've successfully created a new Application Group with a Server Application as well as a Web API and the OpenID Connect protocol is working w/out any issues until I try and make a call to UserInfo. The Relying Party identifier is the same GUID as…
Frank Z
9 votes, 1 answer

ADFS doesn't have P3P policy

I have application that uses SAML authentication, we have installed AD FS 3.0 on 2012 R2 machine. I think users do get authenticated but there is an issue with it as my application returns error, here is response header that I get: HTTP/1.1 200…
zuboje
9 votes, 2 answers

How do I talk to ADFS from Java?

We have a website running on Caucho Resin. It's written primarily in Java using JSP. We have our own custom authentication on the site. (We're not using any third party authentication frameworks.) We would now like to support federation using SAML.…
casolorz
9 votes, 2 answers

How to validate ADFS SAML token

I am currently generating SAML tokens from ADFS like this: WSTrustChannelFactory factory = null; try { // use a UserName Trust Binding for username authentication factory = new WSTrustChannelFactory( …
hoetz
9 votes, 3 answers

Best ADFS protocol support for node js

I am completely new to ADFS. I need to access the ADFS server through node.js. I am searching for good reference notes, with implementation. And suggest me which protocol is best for requesting. Video tutorials are also helpful.
God
9 votes, 3 answers

Configure ADFS to become an identity provider in Thinktecture IdentityServer 2.0

I am trying to set up a sample: a web application uses active directory log-on through thinktecture identity server 2.0. Both Active Directory and Thinktecture IdentityServer are set up on the same machine. I configured Thinktecture IdentityServer to use…
Louis Nguyen
9 votes, 3 answers

Single sign on for .NET application integrated with Active Directory

We have several customers using our web application (not intranet), some customers want their login should be integrated with their organization's Active Directory. They just want that user should login to their windows account and can access the…
Sabby62
8 votes, 1 answer

ADFS Single-Sign-On for SharePoint 2013 on-premises, Power BI and custom web app?

Scenario There is one user store, namely an on-premises AD. ADFS provides authentication for SharePoint 2013 and Power BI. The custom web app needs to authenticate users from AD. The web app back-end also requires access to the SharePoint REST…
Suthan Bala
8 votes, 1 answer

Authentication to ASP.NET Web Api using ADFS

I am in the situation that I need to access an ASP.NET Web Api that is using ADFS for authentication. I can hit it reliably through my browser by going through the ADFS login portal and getting the relevant FedAuth cookie. Unfortunately I need to…
Tennaheim
8 votes, 1 answer

ADFS SSO SAML Windows Integrated authentication does not work

The project we are working now is Single Sign On via ADFS using SAML Token. The basic rule this project should follow is the following: 1. Agent logs in to windows using his\her credentials. 2. Agent logs in to a web application (Relying…
liorafar
8 votes, 1 answer

What is the relationship between wtrealm, WS-Federation Passive URL and app ID?

I am looking into ADFS integration using Microsoft's OWIN WS-Federation package but I am finding it difficult to determine the purpose of certain parameters from the documentation that is available. We have three environments, which are all hosted…
Ant P
8 votes, 1 answer

ADFS 3 OAuth 2 CORS Error

I am adding ADFS authentication to an Angular SPA web site with a WebApi back end. To accomplish this I have set up the ADFS instance with a client and a RP. In order to log into the SPA the user is redirected to the…
8 votes, 2 answers

Authentication / Authorization MVC 5 and Web API - Katana/Owin

I'm having problems trying to decide on a route to take on a project I have. I've been reading up on OWIN specs and Katana implementation within .NET. The reason why I'd like to go with the Katana route is because of the owin components associated…
sksallaj
8 votes, 1 answer

AADSTS50001: Getting exception while trying to access token from Azure AD by using ADAL from Console client

Getting exception while trying to access token from Azure AD by using ADAL from Console client. Steps: I have configured Azure AD with my Web API application localhost:44307. Added the required configuration for Client Id, Client Key. Followed the…
Sai