Questions tagged [adfs]

Active Directory Federation Services (ADFS) is a standards-based web single sign-on (SSO) federated identity service that implements claims-based authentication across forests.

There are multiple versions: ADFS 2.0 on Windows Server 2008/R2, ADFS in Windows Server 2012 (also called 2.1), ADFS in Windows Server 2012 R2 (also called 3.0) and ADFS in Windows Server 2016 (also called 4.0).

ADFS provides authentication services for applications over standard protocols. These apps are typically referred to as claims-based applications. Claims-based authentication is the process of authenticating a user based on a set of claims about their identity contained in a trusted token. Such a token is usually issued and signed by an entity that is able to authenticate the user by other means and that is trusted by the entity performing the claims-based authentication. Claims are essentially attributes derived from Active Directory, an LDAP directory or a SQL server.

In ADFS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including their identity.

On the other side (the resources side), another federation server validates the token and issues another token for the local servers, which accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user who belongs to another security realm, without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.

The latest developer-oriented information can be found at the links below.

AD FS OpenID Connect/OAuth Concepts https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-openid-connect-oauth-concepts

AD FS OpenID Connect/OAuth flows and Application Scenarios https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios

2074 questions
0 votes, 2 answers

Regex Negative look ahead in ADFS claim rule

I need to grant a claim to everyone not matching a particular LDAP attribute. I want to use a regex with a negative look ahead to perform this "not" clause c1:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", Value =~ "^(?!Test…
BozoJoe
0 votes, 1 answer

ADFS 3.0 HRDCookieEnabled Not Working

I'm running ADFS 3.0, and have both ContextCookieEnabled and HRDCookieEnabled enabled. I also have a 30 day lifetime on my cookies. The problem is that whenever a user selects an identity provider in the HRD screen, his choice is not remembered,…
MarkB
0 votes, 1 answer

Invalid URI while using HTTP Redirect Binding

We're using HTTP redirect-binding for providing SAML authentication using omniauth-saml gem. For testing purpose, we've configured ADFS in the windows instance and created a URL for login page. We're able to login using some credentials by directly…
Radix
0 votes, 1 answer

Unauthenticated area of application when using ADFS and WAP

Parts of my website require authentication and others do not, e.g. Register page, About, Contact us etc. For the authenticated areas we integrate with ADFS. We are introducing WAP and are considering the following. We could use preauthentication and…
user195166
0 votes, 1 answer

ADFS server with multiple certificates

We have a working ADFS 2016 server with over 100 clients as claims provider trusts. Now I need to join a local government SAML2 system, which is a common solution for many government bodies. It is compatible with our ADFS setup except they require…
dvlpr
0 votes, 1 answer

How to configure multiple IDPs in Shibboleth

I have installed Shibboleth version 3.0.2. I am hosting a single page application, which needs to be protected through ADFS login. There are two ADFS for different sets of users. I have a few queries as to how to achieve this. How can I configure two…
Ron Harris
0 votes, 1 answer

Move from LDAP user identification to ADFS

In a legacy Windows Forms application, users are now identified by an LDAP query. In essence, they scan their badge (barcode) and the application runs an LDAP query to get user attributes. I know, from a security perspective, this is bad, but…
huysentruitw
0 votes, 1 answer

Which firewall ports need to be opened up between ADFS and AD servers?

I have 2 ADFS servers in one Azure subnet and 2 AD Servers in another subnet. What NSG rules do I need to add to incoming and outgoing for the ADFS and AD Subnets? Also there are ADFS proxy servers which will talk to the ADFS Servers. Which ports…
itye1970
0 votes, 1 answer

ASP.NET MVC 5 OWIN ADFS Token validation error

I am working on an ASP.NET MVC application which uses ADFS authentication and have the following error in our log files in production. I'm trying to figure out what the cause of this issue is, as I believe it is preventing some users from…
willwolfram18
0 votes, 1 answer

ADFS - Client credential Grant flow - resource server doesn't validate jwt

I've created an application group in ADFS, with 1 client and 1 resource server. I've managed to implement the flow on the client side (I get the access token), but when passing it to the resource server API, it doesn't validate the access token. What am I…
0 votes, 2 answers

Setting up ADFS for a Web App

Following scenario: I have a web app running in the MS Azure cloud. The app provides a user logon with username and password. The new requirement is to provide AD FS SSO for the web app, so that once a user has logged on to the Windows machine, her…
vaio
0 votes, 0 answers

Shared cookie with ADFS in .NET Core

I have a web app which is divided in 2. I'd like to authenticate a user with one and then be authenticated on the other app. So I follow the documentation to share the cookie, but I'm never authenticated on the second app. I share the key between the 2…
Quentin
0 votes, 2 answers

Adding custom Claims to ADFS from SQL Server

I am trying to add the custom attributes via SQL, and I'm following the steps on https://blogs.technet.microsoft.com/vinitt/2013/04/15/how-to-use-to-custom-sql-attribute-store-to-generate-claims-and-authorize-user . I got the SQL Server set up,…
Traderhut Games
0 votes, 1 answer

Whether ADFS needs to be enabled on the company application accessed by users outside the domain?

Problem statement: We have a company application and company employees use this application with username@company_domain.com. Active Directory takes care of the user's identity and roles. Now we want someone from outside the organization to access…
OutOfBounds 94
0 votes, 1 answer

Get user Attributes from ADFS

I am new to ADFS, claims-based auth and SAML2. I am working on an application that needs to get information from ADFS on a particular user. This isn't SSO. I will have a username passed to my application, I then need to query ADFS telling it what…
GaryT