Questions tagged [adfs]

Active Directory Federation Services (ADFS for short) is a standards-based web Single Sign-On federated identity service which implements claims-based authentication across forests. There are multiple versions: ADFS 2.0 on WS2008/R2, ADFS in WS2012 (also called 2.1), ADFS in WS2012R2 (also called 3.0) and ADFS in WS2016 (also called 4.0).

ADFS provides authentication services for applications over standard protocols. We typically refer to these apps as claims-based applications. Claims-based authentication is the process of authenticating a user based on a set of claims about their identity contained in a trusted token. Such a token is usually issued and signed by an entity that is able to authenticate the user by other means and that is trusted by the entity doing the claims-based authentication. Claims are essentially attributes derived from Active Directory, an LDAP directory or a SQL server.

In ADFS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including its identity.

On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.

The latest developer-oriented information can be found at the links below.

AD FS OpenID Connect/OAuth Concepts https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-openid-connect-oauth-concepts

AD FS OpenID Connect/OAuth flows and Application Scenarios https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios

2074 questions
8 votes, 1 answer

Letting a pure HTML/CSS/JS SPA application ask the user for his username/password and pass it to ADFS?

I'm writing a fairly large application, with a HTML/CSS/JS frontend, using AngularJS and a ASP.NET MVC Web API as a backend. I would like users to be able to authenticate, I've installed ThinkTecture AuthorizationServer on a separate machine, and…
dabs
7 votes, 2 answers

Authenticating on ADFS with Python script

I need to parse a site which is hidden behind an ADFS service, and I am struggling with authentication to it. Are there any options to get in? From what I can see, most of the solutions are for backend applications or for "system users" (with app_id, app_secret). In my…
Psychozoic
7 votes, 1 answer

ADFS is returning "SAML provider returned Responder error: unspecified" when credentials are left empty

I've implemented ADFS SSO in a node api using passport-saml. Logging in works but when I don't give up any credentials and submit the login form the ADFS server returns the following error: "SAML provider returned Responder error: unspecified" When…
7 votes, 1 answer

Proper LogoutRequest for Single Logout with ADFS IdP

I'm successfully using OneLogin java-saml library for SAML SSO. But there are problems with SLO (Single Logout) with Active Directory Federation Service (ADFS). LogoutRequest created by the library is rejected by ADFS, while it is accepted by…
Eugene Khyst
7 votes, 2 answers

Difference between WS-Trust, WS-Fed and SAML 1.1/ 2.0 protocols

What's the difference between WS-Trust, WS-Fed and SAML 1.1/ 2.0 protocols? My understanding on these protocols gets confused when SAML is used as a security token in WS-Trust and WS-Fed protocols. Interested in knowing in which scenario these…
Zeigeist
7 votes, 3 answers

What's the difference between WS-Trust, OpenID, and SAML Passive?

Seems that Microsoft ADFSv2 supports WS-Trust, and SAML Passive, but the WIF stack it's built upon doesn't support SAML. What is the difference between WS-Trust and SAML-P? Do they share the same security vulnerabilities, if so what are they? Note:…
makerofthings7
7 votes, 1 answer

How can I validate this ADFS token?

On my MVC site, I redirect to an ADFS login page if I detect an ADFS account is being used. After the user enters their ADFS credentials, the ADFS site posts a WsFederationMessage back to my site. How can I validate the ADFS token that is presented…
Alexandru
7 votes, 2 answers

ADFS 2.0 simpleSAML issue: More than one claim based on SamlNameIdentifierClaimResource was produced

I am trying to set up an ADFS 2.0 IDP - simplesaml SAML SP configuration, and I am blocked; the errors reported by ADFS are nowhere to be found, even in the official ADFS documentation. I have successfully set up the relying party, from the SP app I…
aciobanu
7 votes, 2 answers

ADFS session expires and causes error

We use ADFS for our internal applications - users are basically logged in transparently anytime they go to one of our apps. However, if a user leaves a page open for over an hour then tries to do something on that page (other than navigate to…
zimdanen
6 votes, 2 answers

Unexpected end of file. Following elements are not closed: Cookie, SecurityContextToken. Line 1, position 2998

I have implemented ADFS authentication for an asp.net 4.0 application. I have hosted the application in the production environment with webfarm configuration. The website works well and all the images are rendered properly in the IE8 browser. But…
santosh kumar patro
6 votes, 1 answer

Windows Presentation Foundation (WPF) + Windows Identity Foundation (WIF)

Scenario: I need to configure a WPF application to send credentials from integrated security to an ADFS server and receive tokens back. I can't find guides describing in detail how to do this. The focus seems to be on web applications, web…
user634646
6 votes, 2 answers

NTLM authentication to AD FS for non-IE browser without 'Extended Protection' switched off?

When using NTLM authentication to AD FS 2.0, from Google Chrome or Firefox 3.5+ running on Windows, then this results in a repeated sign-in dialog and finally sign-in failure, with 'Audit Failure' events with "Status: 0xc000035b". This can be…
6 votes, 1 answer

Pass SAML response from a Web App to the REST API for authentication?

We have a Web App using a REST API. The REST API is based on Loopback and uses its built-in token-based authentication. For the Web App we use forms-based authentication over HTTPS, so the user has to enter his username and password, which we then use…
Peter Liapin
6 votes, 3 answers

How do I setup a valid on-premise ADFS URI?

I have a .NET 4.6.2 Windows client application which needs to get an authentication token from our on-premise ADFS server and use it to call an ASP.NET Core REST API. Its client name, id (GUID) and redirect URI have been registered with ADFS. I…
Peter
6 votes, 2 answers

ADFS STS authentication with console application

I have a website and API secured with our corporate ADFS-backed token service. I need to hit an endpoint on the API with a C# console application. I am finding a lack of resources for using C# code to access STS secured websites. It uses ADFS…
hsimah