Questions tagged [adfs]

Active Directory Federation Services (ADFS) is a standards-based web single sign-on federated identity service that implements claims-based authentication across forests.

Active Directory Federation Services (ADFS for short) is a standards-based web single sign-on federated identity service that implements claims-based authentication across forests. There are multiple versions: ADFS 2.0 on WS2008/R2, ADFS in WS2012 (also called 2.1), ADFS in WS2012R2 (also called 3.0) and ADFS in WS2016 (also called 4.0).

ADFS provides authentication services for applications over standard protocols. We typically refer to these apps as claims-based applications. Claims-based authentication is the process of authenticating a user based on a set of claims about its identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. Claims are essentially attributes derived from Active Directory, an LDAP or SQL server.

In ADFS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including its identity.

On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.

The latest developer-oriented information can be found at the links below.

AD FS OpenID Connect/OAuth Concepts https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-openid-connect-oauth-concepts

AD FS OpenID Connect/OAuth flows and Application Scenarios https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios

2074 questions
6 votes, 1 answer

ADFS as OAuth2 provider / Authentication server possible?

We want to set up ADFS 3.0 to enable OAuth2 based authentication. I have read lots of documentation, but am still unclear if this is supported. Can ADFS be used as an authorization server for oauth, or is oauth2 support in ADFS only meant to work as…
Gobliins
6 votes, 2 answers

Angular 2 Authentication with on-prem ADFS

We have decided to use Angular 2 as the framework for our new project. In trying to deal with the security aspect of things, I cannot find much on authentication with on-prem ADFS. There is plenty out there dealing with Azure AD, but that is not an…
bharris9
6 votes, 2 answers

How can I imitate Stack Overflow's SSO? Particularly where it federates with serverfault.com?

How does Stack Overflow's SSO work? ... whatever it is they are doing it seems to work for all sites in the network. I'd like to learn what Stack is doing so I can see if it's possible to get a similar registration scheme between http://perfmon.com…
makerofthings7
6 votes, 2 answers

ADFS authentication and impersonation from a Java (Spring MVC under Jetty) application

I have a Java web app which provides a search service, and in some cases needs to check security for results. If it matters, it's implemented in Spring MVC and running under jetty. I have a customer who would like the web app's authentication…
Matt Sheppard
6 votes, 1 answer

Authenticate with ADFS inside Console App silently

I have a C# console application that references the ADAL.net library (Microsoft.IdentityModel.Clients.ActiveDirectory version 2.19.208020213). The purpose of the console app is to consume an HTTP endpoint which is protected with ADFS. The…
Baldy
6 votes, 2 answers

WCF, Claims, ADFS 3.0

I'm trying to understand what I need to develop a framework using WCF, Claims and ADFS 3.0. The internal users will authenticate against Active Directory, external users authenticate against a SQL Server table and the authorization is stored in…
Fab
6 votes, 2 answers

Add roles to ADFS IPrincipal

I have been looking for an answer to this question for a few days now, but I have not found any success. I would post the links, but it would probably take up the entire page. So here is what I have... I have an MVC application, which uses the…
Rogala
6 votes, 1 answer

Authenticating to SharePoint Online using cURL (using ADFS 2.1 as IP-STS)

I'm trying to set up a simple script that uses cURL to monitor our SharePoint Online site by doing the following:- Log into our Office 365 environment using a federated identity (ADFS 2.1) using the "../adfs/services/trust/13/UsernameMixed"…
Duncan Hepple
6 votes, 1 answer

Does ADFS server support SCIM protocol

Does the current Microsoft ADFS 2.0 server (or the new ADFS 3.0 RTM) support the SCIM provisioning protocol? If not, which provisioning protocol is planned, SPML maybe?
Rastko
6 votes, 1 answer

ADFS Active Authentication .NET 4.5 (Post-WIF)

I have an ASP.NET web application (running on .NET 4.5). It's currently doing forms authentication. We've set up an ADFS 3 server with multiple federations, some internal, some external (customer STSs), and we'd like to configure the web application…
ctb
6 votes, 2 answers

Using ADFS 2.0 with non-.NET services

I am looking at ways to tie together a number of Windows-based web services together under single-sign-on. Microsoft's Windows Identity Framework and ADFS 2.0 are the perfect tools for the job, except that not all of our web services are written in…
Brad G.
6 votes, 1 answer

Trying to get ADFS Saml assertion token using curl

After reading this post http://leandrob.com/2012/02/request-a-token-from-adfs-using-ws-trust-from-ios-objective-c-iphone-ipad-android-java-node-js-or-any-platform-or-language/ I tried to request a SAML token using curl. Here is what I'm passing…
Brian
6 votes, 1 answer

Authenticating against AD FS from a .Net 4.5 Console App

I'm in the process of getting my head round using AD FS to authenticate a user in a .NET 4.5 app. I can't find any examples of requesting/receiving the token from a console app and converting that token into a ClaimsPrincipal. The only examples I…
Gavin
5 votes, 2 answers

ADFS (CRM 2011) - Authentication Issue in Microsoft Outlook Client for CRM (Response.Redirect(...) & Window.Open(...))

Before I start, our customers have to connect through ADFS to be able to go on the CRM 2011. So we are talking about an “IFD”-environment. I’m having a problem when using the “CRM 2011 Outlook Client” and the “Window.Open(…)”-JS function. When they…
Freeetje
5 votes, 0 answers

UI testing using Cypress with authentication to Azure AD using ADFS

These are my notes for how to UI test an Azure AD single page app using MSAL.js and ADFS (in our case on-premise) and the schema associated with the process of token creation and local storage. From the tutorial: "It uses the ROPC authentication…
Davemundo