Questions tagged [adfs]

Active Directory Federation Services (ADFS for short) is a standards-based Web Single Sign-On federated identity service that implements claims-based authentication across forests. There are multiple versions: ADFS 2.0 on WS2008/R2, ADFS in WS2012 (also called 2.1), ADFS in WS2012R2 (also called 3.0), and ADFS in WS2016 (also called 4.0).

ADFS provides authentication services for applications over standard protocols. We typically refer to these apps as claims-based applications. Claims-based authentication is the process of authenticating a user based on a set of claims about its identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. Claims are essentially attributes derived from Active Directory, an LDAP or SQL server.

In ADFS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including its identity.

On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.

The latest developer-oriented information can be found at the links below.

AD FS OpenID Connect/OAuth Concepts https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-openid-connect-oauth-concepts

AD FS OpenID Connect/OAuth flows and Application Scenarios https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios

2074 questions

5 votes, 1 answer

Securing backend WCF service with WIF using ADFS2 as IP

I’m having an issue using ADFS2 to secure a back-end WCF service that is being called from a Passively Federated Website. I have the passive federation working on the website, but the back-end service is giving me problems. The pieces of the puzzle.…
Eugene S.

5 votes, 2 answers

ASP.NET MVC - WS Federation - Single Sign out

I'm implementing SSO (Single Sign On and Single Sign Out) for my applications. Let's say I have Application "A" that is Hosted on https://app1.test.com Is registered in AD on-premise with Wtrealm same as https://app1.test.com Application "B"…
Hiren Desai

5 votes, 1 answer

Sustainsys Saml2 Handler AuthenticateAsync() method operation is not implemented

I'm trying a simple implementation in my ASP.NET Core application of Saml2 to integrate with an AD FS server. I can't figure out why I am getting this error. I downloaded the samples from GitHub and tried to adapt it in my…
Arturio

5 votes, 1 answer

How add two different tokens in ASP.NET Core Web API

I need the Authorize attribute in our Controller can accept two different tokens. One token, is provided from one private ADFS, and other token is provided from AzureAd. Several Ionic clients go to over ADFS, other Ionic clients go to over Azure…

5 votes, 1 answer

HttpContext.Current.GetOwinContext().Authentication.Challenge() Does not open adfs page

I have a single page MVC application that works with Angular JS. Angular calls API from my ASP MVC application including the login. I want to add single sign on to my application. My Angular check "GetUserRoles" function before transferring to the…
Wassan

5 votes, 4 answers

User groups as claims through OpenID Connect over ADFS

I need help in figuring out how I can get a user's assigned groups via OpenID Connect over ADFS (Windows Server 2016). I am currently able to authenticate a user and get the user info including the access_token. When I inspect the JWT-token I can…
Max Fahl

5 votes, 2 answers

Difference between adfs and azure AD

Differences between ADFS and Azure AD I understand that ADFS is a STS (Secure Token Service) in the sense that it issues tokens to applications that helps applications establish user identity. At an organization level, our org uses ADFS with…
The Inquisitive Coder

5 votes, 4 answers

What's a good way to get started integrating ADFS with AzMan?

Does anyone know of any good screencasts or documentation covering the integration of Active Directory Federation Services (ADFS) with Authorization Manager (AzMan)?

5 votes, 2 answers

Federated Identity Management: ADFS vs OpenID

I'm new to Federated Identity Management. I'm trying to understand the differences between the authentication protocols and concepts. I understood the difference/relationship between OpenID and OAuth. However, I'm still confused about the…
user2931442

5 votes, 2 answers

ADAL page fails to load on UWP within corporate network when using ADFS

We are developing a cross-platform mobile app using Xamarin.Forms that uses Azure Active Directory Authentication. For that case we use Microsoft.IdentityModel.Clients.ActiveDirectory nuget. It works fine with any case other than this one: UWP user…
macchmie3

5 votes, 1 answer

Identityserver4 with ADFS 4.0, can't get Userinfo or Claims

I have tried to configure my Identityserver4 to use ADFS 4.0 as an external Provider. I have configured it as follows: app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme =…

5 votes, 3 answers

Ws-Federation authentication with ASP.NET Core

I am migrating an ASP.NET application to be on ASP.NET Core, but have met a problem of Ws-Federation authentication: there is no [Ws-Federation](https://www.nuget.org/packages?q=Microsoft.Owin.Security.WsFederation) OWIN middleware available in…
Shuping

5 votes, 1 answer

adfs (oauth2) token validation howto?

I set up ADFS3.0 for OAuth2 and I finally got the "Access-Token" on my Client-APP. Something like this: HTTP/1.1 200 OK Content-Type: application/json;charset=UTF-8 { "access_token":"", "token_type":"bearer", …
Gobliins

5 votes, 1 answer

SSO with AD FS and OWIN how to create an account and handle permissions

I configure a Web App that uses AD FS; for this I use OWIN. For the login, all is OK. If I'm a user of a domain and go to the website, he is automatically connected. But what I want to have is to handle users and roles by myself after login. So I…
Jerome2606

5 votes, 3 answers

ADFS + OpenID Connect email claim and external ADFS

I'm having difficulties setting up ADFS with OpenID Connect on Windows Server 2016. I've set up AD for testing and I can successfully authenticate, however the email claim is not in the id token. Additionally I've set up an external ADFS in the Claims…