Questions tagged [adfs]

Active Directory Federation Services (ADFS) is a standards-based web Single Sign-On federated identity service that implements claims-based authentication across forests.

Active Directory Federation Services (ADFS for short) is a standards-based web Single Sign-On federated identity service that implements claims-based authentication across forests. There are multiple versions: ADFS 2.0 on WS2008/R2, ADFS in WS2012 (also called 2.1), ADFS in WS2012R2 (also called 3.0), and ADFS in WS2016 (also called 4.0).

ADFS provides authentication services for applications over standard protocols. We typically refer to these apps as claims-based applications. Claims-based authentication is the process of authenticating a user based on a set of claims about its identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. Claims are essentially attributes derived from Active Directory, an LDAP or SQL server.

In ADFS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including its identity.

On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.

The latest developer-oriented information can be found at the links below.

AD FS OpenID Connect/OAuth Concepts https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-openid-connect-oauth-concepts

AD FS OpenID Connect/OAuth flows and Application Scenarios https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios

2074 questions
0
votes
0 answers

ADFS Token generation working in C# but NOT in VB.Net

Below is code in C# to get a token from the server. The code in C# is working fine and I am able to receive the token from the server, but when I write the same syntax in VB.net I get an exception. The framework for the code is the same, "4.6.2". App config of both…
Shashank
0
votes
0 answers

asp.net authentication AD and Forms

Scenario: I work for an enterprise that has multiple internal applications; each application manages its own user accounts. So the users have an account for each application. Now, the time to get rid of all this mess has arrived. And I'm in…
0
votes
1 answer

Authenticating an ASP.NET Core application with ADFS and SAML

I've searched the Internet and I couldn't find any good resources explaining how to authenticate an ASP.NET Core web application through ADFS using the SAML protocol. However, I found an old blog post saying that it was not supported and that it…
ssougnez
0
votes
1 answer

CAS Delegated Authentication and AttributeReleasePolicies

We were able to integrate CAS 5.2.6 using delegated authentication with Azure AD (SAML IdP). The integration is working fine when the client webapp is deployed on Tomcat-9. The same client WAR fails in JBoss-EAP or Wildfly because of SaxParing…
Raghavan
0
votes
1 answer

Passing through groupmembership using ADFS(2016) for openid-connect

We have an ADFS server running on Windows 2016, which should support OAuth2 and openid-connect. We are trying to disclose a web application which uses openid-connect but expects group membership in a claim "groups". There are guides available how to…
Kage
0
votes
1 answer

HttpsUrlConnection ADFS authentication with cookie not working

I'm trying to connect to a web API secured with ADFS from an Android app. I successfully implemented ADAL. After logging in to ADFS I receive a token and a cookie. Using that cookie I should be able to query the webapi, but I always get redirected…
marc
0
votes
0 answers

ADFS, SharePoint On-prem

We have a SharePoint 2016 farm with 8 servers. Also, the load balancer server is functioning to balance the request between the web-front-end server(s). The web application is configured to use the ADFS as an additional authentication provider…
0
votes
1 answer

How to redirect from web page to windows application?

I have an MVC application where I'm authenticating the user through ADFS and sending those details to the Windows application for authentication. The steps I followed are: Sending username and password to ADFS. Receiving token from ADFS once user…
Gee
0
votes
1 answer

ADFS SSL Certificate: What is the purpose of the secondary certificate?

In the ADFS, you have a primary and secondary certificate. In the link https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/design/certificate-requirements-for-federation-servers, they mentioned that you can have multiple token-signing…
Rj S Isaac
0
votes
2 answers

ADFS implementation in existing asp.net mvc application

We have an existing MVC application with Episerver CMS 10. That application performs well. But we now have a requirement to implement ADFS in the existing application. I checked different links on the internet regarding this. I can see that it is straight…
0
votes
2 answers

Artifactory group association SAML/ADFS

We are using Artifactory 6.3.3 and trying to implement SSO with SAML via ADFS. The basics work fine, but the group associations don't. The user can log in, but the group repository permissions aren't used. The SAML logger says that there are (for my…
ISK
0
votes
1 answer

Azure AD B2C and ADFS as SAML IdP. Code example?

I want users of my application authenticated in a couple of on-premises ADFS servers. I set up Azure B2C working together with ADFS as SAML identity provider. The setup process is described here in MS official docs…
Michael Chudinov
0
votes
2 answers

Using ADFS to provide Kerberos token for WAP and backend system

We have SharePoint on-prem using Kerberos and want to enable external users to connect to our system through WAP. We like to avoid exposing our SharePoint "directly" to the outside network (pass-through) and not connect WAP in the DMZ with our…
user8413577
0
votes
1 answer

Confirm active-session by asking IDP

Use case: To minimize the need for users to perform Sign On, I would like to run an active session for as long as possible. The user does SSO and SP allows the user to have access until the point where IDP says - session (or account) is not active…
rock3t
0
votes
1 answer

Is it possible to customize ADFS Sign in messages for invalid credentials

I have a web site which does the authentication through ADFS. I have set the maximum of 3 attempts as account lockout. I need to show a customized message when the user tries to log in after the second unsuccessful attempt, as "Invalid credentials. After 3rd…
LahiruD