Questions tagged [adfs]

Active Directory Federation Services (ADFS) is a standards-based web single sign-on federated identity service that implements claims-based authentication across forests.

Active Directory Federation Services (ADFS for short) is a standards-based web single sign-on federated identity service that implements claims-based authentication across forests. There are multiple versions: ADFS 2.0 on WS2008/R2, ADFS in WS2012 (also called 2.1), ADFS in WS2012R2 (also called 3.0), and ADFS in WS2016 (also called 4.0).

ADFS provides authentication services for applications over standard protocols. We typically refer to these apps as claims-based applications. Claims-based authentication is the process of authenticating a user based on a set of claims about its identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. Claims are essentially attributes derived from Active Directory, an LDAP or SQL server.

In ADFS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including its identity.

On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.

The latest developer-oriented information can be found at the links below.

AD FS OpenID Connect/OAuth Concepts https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-openid-connect-oauth-concepts

AD FS OpenID Connect/OAuth flows and Application Scenarios https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios

2074 questions
5 votes, 0 answers

Spring Saml secondary certificate in metadata

I have a question about certificates generated in metadata (my SP). Our IdP says that when I change certificate I can publish it in metadata e.g. 20 days before as a secondary. Then IdP could load that, set trust and then (e.g. 5 days before…
Lenochod
5 votes, 1 answer

WS-FED authentication (ADFS) and ASP.NET Identity UserManager

I apologize if I use some wrong or ambiguous terms. Please correct me if I do. I have a fairly new ASP.NET 4.6 MVC 5 app that uses Claims authentication via WsFederation and Microsoft ADFS server. That means that I do not expose a LogIn action…
5 votes, 2 answers

Passport Saml Loop

I'm trying to make an ADFS identification with Passport-Saml.js in a nodejs/angularjs project. When I'm connecting to my Web Site I'm correctly redirected to my ADFS portal. ADFS portal, after authentication correctly redirects to callback. Then the…
5 votes, 1 answer

ADFS: SignatureVerificationFailedException: MSIS0037: No signature verification certificate found for issuer

I'm configuring a Service Provider to connect to ADFS, and looking up the error we get says: The Federation Service encountered an error while processing the SAML authentication request.…
Peter Dietz
5 votes, 2 answers

Azure ActiveDirectory Graph API GraphClient not returning AD Groups

I want to retrieve a User's Group information from Azure AD. Using the following Graph API packages to achieve this Microsoft.Azure.ActiveDirectory.GraphClient Microsoft.IdentityModel.Clients.ActiveDirectory 2.13.112191810 I am able to…
puri
5 votes, 1 answer

MVC5 OWIN ws-federation AuthenticationManager.GetExternalLoginInfoAsync() returns null

I'm trying to set up integrated OWIN WS-Federation (ADFS) authentication in a new MVC 5 project in Visual Studio 2013. WsFederation in Startup.Auth is configured as follows: app.UseWsFederationAuthentication(wtrealm: "MyRealm", …
5 votes, 2 answers

ADFS 3.0 Error Event ID 511 and 364 when using Web Application Proxy

We are trying to set up our Development environment and we are facing issues when WAP comes into play with ADFS. Below is what we have so far. Our ADFS Server is tied to Active Directory and is working fine with one of the Claims aware relying party…
ady
5 votes, 2 answers

Apache CXF client for claims-mode xRM (Microsoft Dynamics CRM 2011)?

I'm trying to create an Apache CXF (2.7.5) client for the Microsoft Dynamics CRM 2011 ("xRM") web services (which I understood to be based on WCF 4) where CRM is in claims mode, so that the WSDL for this web service points to an STS (in my case AD…
5 votes, 1 answer

What difference between active federation and passive federation in ADFS?

I am new to ADFS. Actually I don't know what Active or passive federation is and also don't know the difference between them. Can anybody help me on this? Thanks in advance !!!...
Sunil Aher
5 votes, 2 answers

Best way to Integrate ADFS 2.0 authentication in a Django application

I need to use Active Directory Federation Services (ADFS) authentication in a Django application. I will create an authentication backend, but which tool would someone recommend me to make it as fast as possible, or would it be better to implement…
avenet
5 votes, 1 answer

ADFS 2.0 signout redirect not functioning

In order to sign out of a web app using ADFS for authentication, using a URL that follows this form: https://{DNS_name_of_RP_STS}/adfs/ls/?wa=wsignout1.0&wreply={post-sign-out_landing_URL} works fine. The user is taken to an ADFS site page that…
user19467
5 votes, 1 answer

HTTP 400: Bad Request error in ADFS HTTPS Request

I am writing a Node.js app and am trying to integrate an ADFS server to get authentication. For that, I am using wstrust-client, and using the ADFS Server URL as my endpoint. My code so far is: app.get('/login', function(req, res) { …
God
5 votes, 1 answer

URL with multiple parameters as a query string in ASP.NET

In ASP.NET, I build a string redirectURL to redirect to ADFS form with multiple query string parameters. One such complex parameter is the returnURL with multiple parameters. My problem is that only the first parameter of the returnURL is available…
user1408470
4 votes, 3 answers

Is it possible to create a new user via ADFS?

I am in the process of scoping out what's involved in setting up single sign on using SAML and ADFS. A query has come back that I can't answer and can't seem to find anywhere. Is it possible to carry out the usual user profile actions via ADFS? For…
rf_wilson
4 votes, 0 answers

Flutter SSO (Single Sign On) using Windows ADFS

I want to add authentication with SSO (Single Sign On) using Windows ADFS in a Flutter app. But I didn't find any helpful doc or package for integration with Flutter. So any suggestion will be of great help.
Adnan khan