Questions tagged [adfs]

Active Directory Federation Services (ADFS for short) is a standards-based web Single Sign-On federated identity service that implements claims-based authentication across forests. There are multiple versions: ADFS 2.0 on WS2008/R2, ADFS in WS2012 (also called 2.1), ADFS in WS2012R2 (also called 3.0), and ADFS in WS2016 (also called 4.0).

ADFS provides authentication services for applications over standard protocols. We typically refer to these apps as claims-based applications. Claims-based authentication is the process of authenticating a user based on a set of claims about its identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. Claims are essentially attributes derived from Active Directory, an LDAP or SQL server.

In ADFS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including its identity.

On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.

The latest developer-oriented information can be found at the links below.

AD FS OpenID Connect/OAuth Concepts https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-openid-connect-oauth-concepts

AD FS OpenID Connect/OAuth flows and Application Scenarios https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios

2074 questions
4 votes, 1 answer

Spring security - create 2 filter chains with specific matchers

I'm in the process of implementing ADFS support to an existing spring project. Since we already have our own JWT authentication, which we want to work in parallel to ADFS authentication, I want to implement a new filter chain that will handle only…
Itamar Kerbel
4 votes, 1 answer

Authenticate user of web service via ADFS

I was hoping that someone could confirm my understanding (or lack thereof!) of ADFS with respect to WCF. I've even drawn a pretty diagram. "Bob" uses a web app, which is hosted on Client's domains. Client authenticates Bob via AD. However the web…
Duncan
4 votes, 0 answers

Error in SAML response processing: No SAML assertion found in the SAML response

I've configured Cognito to use SAML Identity Provider and did all the setup on AD side, AD accepts the request and allows me to sign in, then it responds to the configured idpresponse endpoint with the SAMLResponse form data value as you can see in…
4 votes, 1 answer

angular-oauth2-oidc CORS ADFS

I am using angular-oauth2-oidc library to connect to ADFS but I get the following error: I am using the following code: app.component.ts: config.issuer = 'https://myserver/adfs'; config.clientId = 'https://myapp/'; config.redirectUri =…
Anonimo
4 votes, 0 answers

Spring-Security 5 OAuth2 authentication against ADFS 2016

I'm trying to set up my spring-boot 2.2.0 application to authenticate users on my ADFS 2016 using OAuth2. Unfortunately it doesn't work, as at every request the ADFS gives me this error: MSIS9604: An error occurred. The authorization server was not…
4 votes, 1 answer

Is there a way to let testcafe login using sso?

For an End-to-End test, I want Testcafe to login to our SaaS application using SSO (just as a user would do). For this to work Testcafe needs to get through our proxy and then log in to the application using the credentials of the user that is…
4 votes, 0 answers

Configure an asp.net core Web App to validate JWT token from ADFS

I'm using ADFS 2019 and the scenario is: Client App (trusted, client id and client secret) Web Api (acts both as a server and as a client) Resource to access My GOAL is: By using postman get a token from ADFS and call a Web API launched locally…
Loris
4 votes, 2 answers

Upsert in Kusto DB

I have an ADF which writes output of a Kusto Function to a Kusto Table daily. I need to upsert the data daily into the table. I did not find a way to update the existing data in Kusto DB. Is there any way I can insert row if data not exists with the…
Alias Varghese
4 votes, 1 answer

how to get jwt token without using hosted ui in aws cognito with AD SAML 2.0

What I have done so far? I have integrated Microsoft AD with AWS Cognito by adding Trust relationships and setting Cognito Identity provider. In this, I have set up an app domain prefix during Cognito set up. By using the following URL I am able to…
pravindot17
4 votes, 0 answers

Silent refresh in Angular-oauth2-oidc not working after id_token expiration

My current Angular 7 PWA application can't renew the OIDC tokens (obtained via azure adfs) after the id_token is expired: all the silentRefresh() calls fail with the following error: AADSTS50058:A silent sign-in request was sent but no user is signed…
illeb
4 votes, 1 answer

converting mvc 5 adfs to .net core adfs

I have an existing mvc 5 application that successfully uses on premise active directory federated services relevant web config settings
Bryan Dellinger
4 votes, 1 answer

Windows Server 2016 ADFS - Integration with AWS Directory Service

We would like to use WebSSO (single sign on with a single set of credentials) for a number of small in-house web applications using Windows Server 2016 - ADFS (active directory federation service) and AWS Directory Service. We had created a domain…
4 votes, 1 answer

How to implement SSO functionality on IOS using ADFS

I want to implement the single sign-on functionality on IOS using ADFS. I did some R&D and tried the MSAL iOS library for ADFS authentication but it's not working for me. I have added client id, Authority URL for ADFS authentication but it's not…
arun kamboj
4 votes, 1 answer

Adding self-signed root certificate to Azure App Service

I have an Azure based .NET web app that we are trying to connect to a client's local ADFS environment. We are able to get access to the resource via the Azure Hybrid Connection, but when we try to get an authentication header from ADFS we get a…
Alex Meyer
4 votes, 3 answers

SAML error for SSO with ADFS - MSIS0038: SAML Message has wrong signature

Hi I am trying to use SSO to authenticate my client's users directly to my website. My client's IDP is Microsoft ADFS and I am using Passport-SAML (https://github.com/bergie/passport-saml) to configure the SSO process. After getting to a special URL…
jerem