Questions tagged [adfs]

Active Directory Federation Services (ADFS for short) is a standards-based Web Single Sign-On federated identity which implements claims-based authentication across forests. There are multiple versions: ADFS 2.0 on WS2008/R2, ADFS in WS2012 (also called 2.1), ADFS in WS2012R2 (also called 3.0) and ADFS in WS2016 (also called 4.0).

ADFS provides authentication services for applications over standard protocols. We typically refer to these apps as claims-based applications. Claims-based authentication is the process of authenticating a user based on a set of claims about its identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. Claims are essentially attributes derived from Active Directory, an LDAP or SQL server.

In ADFS, identity federation is established between two organizations by establishing trust between two security realms. A federation server on one side (the Accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including its identity.

On the other side, the Resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity. This allows a system to provide controlled access to its resources or services to a user that belongs to another security realm without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.

The latest developer-oriented information can be found at the links below.

AD FS OpenID Connect/OAuth Concepts https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-openid-connect-oauth-concepts

AD FS OpenID Connect/OAuth flows and Application Scenarios https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios

2074 questions

0 votes, 2 answers

Single Logout with ADFS

Trying to implement a Single Logout integration between IBM WebSphere as SP and ADFS as IdP: since SLO is not supported OOB by WebSphere as reported here on bottom of the page, I am searching for a reference about parsing SAMLRequest…
tdev

0 votes, 1 answer

CAS Delegated Authentication with ADFS

I'm trying to set up CAS with delegated authentication with ADFS. I checked the documentation for delegation and for adding ADFS integration. When I try to run the CAS server, I get the exception below. Can someone help me understand what is going…
Bart

0 votes, 1 answer

ADFS Powershell script to add additional SamlEndpoints to existing

This question likely doesn't require actual knowledge of ADFS, but I'm providing that for context. The command "Set-AdfsRelyingPartyTrust -Name X -SamlEndpoint Y" overwrites all SAML endpoints with what you specify. What I'd like to do is create a…
J. Scott

0 votes, 2 answers

AzureAD as relying party, and IdentityServer 4 as authentication provider

I am trying to set IS4 as Identity Provider. The first thing I tried was to create a federation trust between Azure AD and the domain where I hosted my IS4. Once federated by using the "Get-MsolDomainFederationSettings" command in PowerShell I got…
Bojan

0 votes, 0 answers

Creating a Powershell variable from an object with multiple values

I'm attempting to create a script that will use "Set-ADFSRelyingPartyTrust -TargetName X -Identifier []" to add an additional Identifier to the ones that already exist. Since running the command as is only replaces the existing Identifiers, I need…
J. Scott

0 votes, 1 answer

How to setup DbUser,AutoCreate,DbGroups in ADFS for Federated access to Redshift

I am trying to access redshift database using IAM federation following AWS documentation. In the documentation, under "Step1:Set up IdPs and federation", it mentions that we need to set three optional attributes like…
Ayan

0 votes, 2 answers

ADAL AcquireToken Windows authentication UWP

I'm developing a UWP app that needs to authenticate against an on-premise ADFS 2016 instance, but using Windows integrated authentication. I'm using ADAL 3.19.8. The app is running on a Windows 10 device which is domain joined. The app has the…
TK1

0 votes, 1 answer

Logout user when disabled in AD

We have configured ASP.NET Zero MVC + jQuery application to work with AD FS login. We cannot figure out: if a person is currently logged in to the website and we disable the person's account in Active Directory, then how can we log out the user from the website so…
soccer7

0 votes, 0 answers

How do I update ADFS SSL certificate on secondary ADFS 2.0 installed on windows server 2008 R2 using powershell

How do I update ADFS SSL certificate on secondary ADFS 2.0 installed on windows server 2008 R2 using PowerShell? Installed certificate on certificate store. Provided read permissions to ADFS service account on private key. Bind the certificate on…
abhilash m

0 votes, 2 answers

AD FS access token to web API without user intervention

Looking for a way to get an app access token that can make calls to an API without making the user sign in. I have accomplished this use case using Azure AD where I get an app access token to write documents to a SharePoint library. I am not…
Brian Smith

0 votes, 2 answers

SSO samlv2 adfs pass through authentication

Here's the situation : Login page of my application (login(not a mail), password) redirection to an adfs which ask me login/password of the machine. the configured adfs redirect me (with a post) to my app and logged I would like to know if it's…
gon

0 votes, 1 answer

How does ADFS communicate with AD?

How does Active Directory Federation Service (ADFS) connect to a classic on-premise Active Directory Domain Service or simply known as (AD)? Is it via the protocol HTTP?
FortuneSix

0 votes, 1 answer

ADFS Single sign on is not working with session state mode "UserUri"

Our asp.net website was working fine with ADFS SSO since we made a change in the session state cookie settings from "Use Cookies" to "USE URI". After making this change, fam.IsSignInResponse(request) is always false in the below code so that it…

0 votes, 1 answer

Why does my SAMLresponse received from ADFS not contain any claims?

I have set up ADFS and a NodeJS application to perform single-sign-on using ADFS as IdP. I receive the SAMLresponse seen below. When I receive the profile-object inside the verify function setup for the SAML-strategy, I see this:…
Nikola Schou

0 votes, 1 answer

ADFS and .NET Core

I'm trying to implement ADFS for a .NET Core 2 application. Finding that there is very limited documentation regarding the subject. I'm trying to do this for an application that is located on an EC2 instance in AWS, and trying to reach an ADFS 2.0…