Questions tagged [adfs]

Microsoft Active Directory Federation Service is an identity federation technology that provides single sign on access to web services and web applications using WS-* and SAML.

Microsoft Active Directory Federation Service is an identity federation technology that is compliant with industry standards such as WS-* and SAML 2.0. ADFS allows organizations to use claims-based access to web applications and services and to provide single sign-on (SSO) access to web applications. Because ADFS is based on industry standards, interoperability with third-party federation technology is possible.

The initial version (ADFS 1.0) was shipped from Windows Server 2003 R2 onwards and is available in-box as of Windows Server 2008 R2. The latest version (AD FS 2.0), however, is an out-of-band release that can be downloaded from http://www.microsoft.com.

More details are available from http://www.microsoft.com/windowsserver2008/en/us/ad-fs-2-overview.aspx

Claims-based identity and access is explained at http://msdn.microsoft.com/en-us/library/ff423674.aspx

IT pro-specific content is available from http://social.technet.microsoft.com/wiki/contents/articles/2735.aspx

358 questions
94
votes
1 answer

What is ADFS (Active Directory Federation Services)?

So I've been told that our PHP application may need to support authentication using ADFS. For a non-Microsoft person, what is ADFS? How does it differ to things like LDAP? How does it work? What kind of information would be included in a typical…
Simon East
49
votes
7 answers

If a Windows shop moves "everything" to the cloud, does it still need Active Directory?

Taking a spin off of this question: Do I really need MS Active Directory? in a new direction for 2014. Taking into account a basic Windows infrastructure: domain controllers, Exchange 2007/2010/2013, Sharepoint, SQL, File Servers / Print Servers, AD…
TheCleaner
13
votes
3 answers

An error occurred while using SSL configuration for endpoint 0.0.0.0:443

Based on information received from the network team, I have determined that the issue most likely rests with the application servers on the WAN. After replacing the certificate, I ran the PowerShell command Set-AdfsSslCertificate -Thumbprint XXXX…
lync sahni
12
votes
1 answer

ADFS - Restrict to AD Group

I just implemented an ADFS server to connect a third-party chat tool with our Active Directory via SAML 2.0. Everything works fine so far but there's a little problem: As soon as a user logs in, the chat tool creates an account for him…
hardmod
11
votes
1 answer

Microsoft Exchange Federation Trust Broken After Verifying in Office 365

Okay so...this all started during our Office 365 setup. According to Microsoft, you have to delete your on-premises federation trust from Exchange, verify the domain, then add it back...otherwise you get an obscure error message when validating the…
Nathan C
8
votes
3 answers

Can ADFS connect to other SSO services?

I have a .net application that's wired up to my local ADFS server (connected to our corporate AD server) and everything is working fine. My question is, can my ADFS establish a trusted connection to additional SSO services out on the internet like…
RichC
8
votes
1 answer

What is the SAML Assertion Consumer URL for an AD FS 2.0 Service Provider

I am configuring a service provider to use SSO authentication. I will be using AD FS 2.0 for this. What is the URL for the SAML Assertion Consumer that I need to give to the IdP? I think it may be something like one of…
Colin
7
votes
2 answers

Is ADFS a must-have, when you deploy hybrid exchange server?

With AADC implemented in our AD and Office 365, we want to deploy a hybrid Exchange next, is ADFS a must? Thanks!
7
votes
0 answers

Signout with ADFS3 with SAML

I have implemented SSO using ADFS3. I have a logout button for sign out and it’s working fine with my ws-federation passive endpoints. On logout I redirect user to logout.aspx page and there I have written code on page load…
user641812
7
votes
2 answers

How can the x-frame-options HTTP header of ADFS 3 be manipulated?

By default, ADFS 3 responses contain the "X-Frame-Options: DENY" HTTP header. This prevents ADFS from being run in an iframe, because this presents an opportunity for clickjacking attacks. At the moment my company is however implementing an…
wkampmann
7
votes
2 answers

Why can a user log in via more than one UPN?

I've changed the UPN suffix for all users of a company from us.mycompany.local to mycompany.com in order to use claims-aware applications. In testing before the change I discovered that even if I changed the UPN suffix, a user could successfully…
Jim B
6
votes
1 answer

Support for refresh tokens in ADFS 2.2 OAuth flow

My colleague and I are trying to enable OAuth in ADFS 2.2. Everything is working except the server only passes back an access token (w/ expiration) and does not include a refresh token after successful login. There is very little documentation on…
Matt Dearing
6
votes
2 answers

Windows Identity Foundation (WIF) application + ADFS 2.0 on Classic pipeline mode - Is it possible?

I have a working test application that uses Windows Identity Foundation SDK and ADFS 2.0 for authentication, which runs on Windows Server 2008 R2, IIS 7.5, Integrated managed pipeline application pool mode. My problem is that the "real" application…
FourTonMantis
5
votes
3 answers

Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain

I'm using federated identity for Office-365 single sign-on. I have added the password change endpoint to my ADFS 3.0 server, and successfully opened the adfs update password page. However, whenever I try to update the password I get the error above.…
5
votes
1 answer

How do I enable SAML Passive Authentication in ADFS 3.0?

For several years, I've used ADFS 2.x as a SAML IDP that works with SAML Passive Authentication. When the isPassive=true flag was set on the Request, the Response would include the following StatusCode section:
Phil