1,195 questions with Active Directory Federation Services tags
SSO for Grafana with AzureAD Authentication Using Client Certificates Instead ClientID/ClientSecret
I'm trying to set up Grafana with SSO authentications- I have all the relevant endpoints to configure SSO and test it successfully but recently i was asked to not to use Client_ID/Client_Secret as shown below due to some security…
Future cloud id log on may minimise codes and authentication times
After 20 plus years of fighting to keep up with the software hardware revolution I am pragmatic about the softening and less mentally draining functionality we are beginning to see with AI development, cloud services, faster speeds, internet expansion,…
What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR?
What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR? https://learn.microsoft.com/en-us/windows-server/storage/dfs-replication/migrate-sysvol-to-dfsr FFL & DFL: Windows Server…
ADFS service start failure
Dear Experts, We are not able to restart adfs service after activating new SSL certificate with "Set-AdfsSslCertificate -Thumbprint 'XXXXXXXXXXXACF1D94XXXXXXXXXXXXXXXXX" command. Below is the error we receive: on…
Slow LDAP Query Response. AD LDAP Performance Tuning Analysis
In our environment we are getting application authentication failure through ADFS-SAML. While ADFS is doing LDAP query from AD, AD is responding slow to ADFS with query output data, which causing either delay in authentication or failure(time-out). Here…
Create custom CloudAP plugin to authenticate to windows machine which is entra Joined?
My domain is federated with custom inhouse IDP and when the user tries to login in the entra joined machine as IDP CloudAP authenticates the user right? Is it possible to create custom CloudAP Plugin so after user enters the password our idp can enforce…
Unable to access Azure AD SAML mobile app in android 8.0 mobile device
We have an Azure AD enterprise app which supports SAML protocol for authentication. The app is working fine when accessed from system's browser, mobile device browser or when installed on personal Android /iOS device. However, when the same app is…
Unable to verify token signature. The signing key identifier does not match any valid registered keys.
getting this below error for all new starter, and if we change the password on old user they are not able to login on O365. Sign-in error code 5000811 Failure reason Unable to verify token signature. The signing key identifier does not…
Cannot enable Staged Rollout from Federation to PTA
We are currently federated to Entra ID with ADFS on premises. We are attempting to run the staged rollout feature with PTA and seamless sign on. Following this article: …
ADFS 4.0 2016 - can't view/browse "..federationserverservice.asmx" locally an external
After a fresh installation of ADFS on Server2016 I'am not able to open the following Url locally on the ADFS Server: https://<ADFS-FQDN>/adfs/fs/federationserverservice.asmx IE -> This page can’t be displayed Chrome -> This site can’t…
Remove last Exchange server from hybrid environment
Hi, We are Company of 10K mailboxes, and now we haves moved our mailboxes to Office 365, there are no mailboxes in on-prem Exchange. Just being used for Hybrid configuration and SMTP relay. Now we are planning to remove the last server from our…
windows hello for business On-Premises deployment error event
I try to deploy the on-prem HfB. We are running at domain function level of 2012R2. The single AD FS server runs 2019. I followed exactly the microsoft guide. But when I start my domain PC, the enroll process never happen. Here is the event 1021 messge…
Issue connecting Azure Windows Server VM to Blob Storage File Share
I am having trouble connecting my Azure Windows Server VM to a Blob Storage File Share, where 25 users have been assigned permission. I have been troubleshooting this issue for the past 5 days and cannot seem to resolve it. Can anyone help me with this…
Password hash synchronization is not working
I am switching from ADFS authentication to Password Hash Synchronization. I have enable the PHS successfully on AAD Connect sync and it was successful. I have changed the authentication method to PHS. However, when I tried to login to M365 portal, I get…
Configure federation between Google Workspace and Microsoft Entra ID error AADSTS51004
Hello, After follow the steps of this guide https://learn.microsoft.com/en-us/education/windows/configure-aad-google-trust I'm testing the login. I am getting the redirect to google when try to sign in but after that I get this error: Request Id:…
ADFS integration with AWS loadbalancers
Hi, i am trying to integrate ADFS server behind AWS load balancers. Proxy server behind application load balancer and ADFs farm server behind network load balancer however i am getting a 502 bad gateway error. Any suggestions?
Azure hybrid domain join
Hi, If I enable azure hybrid azure AD join from configuration device tasks in AD connector, does the end user of these existing AD only domain joined machines experience any prompts/ issues? Thanks
Azure connector
Hi, my org has set a service account up for using azure connector, it has now come to light that the password is no where to be seen. if this password is reset, is it a case that ad sync is stopped until the new password is updated in sync settings? It…
How to check if any application uses the IDP-initiated login endpoint in ADFS
Hello everyone, for security reasons, I want to disable the https://domain.com/adfs/ls/idpinitiatedsignon.aspx endpoint in the ADFS proxy servers. However, I need to make sure that no application is using IDP-initiated logins from the external network…
Failed to create AzureadKerberos (Cloud Kerberos Trust)
We are trying to establish cloud Kerberos trust to enable WHFB in our environment. However, it is giving below error. It gives error at command Set-AzureADKerberosServer. Any advise and suggestion will be highly appreciated. We have followed below…